Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sam2
Contributor

SmartEvent User Defined Events

Hi All, 

I am working on creating a User Defined Event for long standing DNS connections (potential exfil operations) 

When creating the event, I don't get an option to define login for an "Over" amount of duration like >200 seconds as an example. 

I cannot seem to get an event to generate when testing, the times can only be equals, being an exact number. 

Has anyone had any success with creating a user defined event for connections over a specific duration? How did you do it? I also want to do the same for high bandwidth sessions and I am also stuck with equals and no over/under.

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

My understanding is that these are thresholds, not exact limits.
Which means specifying 200 seconds should have worked.
You may need to check this with TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events