Hi there,
recently I made a sequence correlation rule where I'm looking for 4
events which have to be triggered when the user connects to VPN.
I'm looking for information like public IP, assigned IP, username,
domain etc. - but each of these parsed fields is contained in a different
event and it's not possible to group them.

What I'm trying to achieve is one alert with all this info in it, so I
can make dashboards and reports from it.
This is not covered in the documentation (or at least I didn't find it) and
I had no luck with Google as well, but I'm pretty sure someone had to
deal with the same problem.

Does anyone have an idea how to get specific parsed fields from different
events into one alert?
Any help appreciated.


jmacku's Profile: https://forums.netiq.com/member.php?userid=9316
View this thread: https://forums.netiq.com/showthread.php?t=54373