You can use event correlation rules to detect complex patterns of events that are associated with unusual or dangerous states, or with suspicious activity. CA Enterprise Log Manager provides numerous predefined correlation rules, and the ability to create custom rules or modify predefined ones.
You could deploy a predefined correlation rule to detect suspicious activity after a specified number of failed logins. For example, you could use the "5 Failed Logins by a single account followed by excessive configuration management activity" rule. In this case, you could also customize the number of failed logins, or the definition of excessive activity.
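The two-stage logic of the rule named above, sketched in Python as an added example. It is not CA Enterprise Log Manager's rule syntax or implementation; the event fields, the time windows and the threshold of three configuration changes are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; field names and values are assumptions, not product output.
T0 = datetime(2011, 6, 1, 9, 0, 0)

def _ev(offset_s, account, action, result="S"):
    return {"time": T0 + timedelta(seconds=offset_s), "account": account,
            "action": action, "result": result}

SAMPLE_EVENTS = (
    [_ev(20 * i, "alice", "login", "F") for i in range(5)]              # 5 failures in 80 s
    + [_ev(120, "alice", "login")]
    + [_ev(180 + 60 * i, "alice", "config_change") for i in range(3)]
    + [_ev(3600 + 20 * i, "bob", "login", "F") for i in range(5)]
    + [_ev(3780, "bob", "config_change")]                               # only one change
    + [_ev(7200 + 60 * i, "carol", "config_change") for i in range(3)]  # no failures
)

def correlate(events, failed_threshold=5, failed_window=timedelta(minutes=5),
              config_threshold=3, config_window=timedelta(minutes=10)):
    """Flag accounts with failed_threshold failed logins inside failed_window,
    followed by config_threshold configuration changes inside config_window."""
    failures = defaultdict(deque)  # account -> recent failed-login times
    armed = {}                     # account -> (time stage 1 fired, change count)
    incidents = []
    for ev in sorted(events, key=lambda e: e["time"]):
        acct, now = ev["account"], ev["time"]
        if ev["action"] == "login" and ev["result"] == "F":
            q = failures[acct]
            q.append(now)
            while now - q[0] > failed_window:   # drop failures outside the window
                q.popleft()
            expired = acct in armed and now - armed[acct][0] > config_window
            if len(q) >= failed_threshold and (acct not in armed or expired):
                armed[acct] = (now, 0)
        elif ev["action"] == "config_change" and acct in armed:
            start, count = armed[acct]
            if now - start > config_window:     # stage 2 window elapsed
                del armed[acct]
                continue
            armed[acct] = (start, count + 1)
            if count + 1 >= config_threshold:
                incidents.append({"account": acct, "failed_logins_at": start,
                                  "detected_at": now})
                del armed[acct]
                failures[acct].clear()
    return incidents
```

Lowering `config_threshold` or raising `failed_threshold` corresponds to the two customizations the paragraph mentions: the definition of excessive activity and the number of failed logins.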
For more information about Event Correlation, see the CA Enterprise Log Manager Implementation Guide and CA Enterprise Log Manager Online Help.
Copyright © 2011 CA. All rights reserved.