

Example: Creating a CSV File for Testing

This example illustrates the creation of a CSV file for correlation rule testing. It is intended to test a rule that searches for 5 failed logins followed by a successful login from a single user.

To create a CSV file to test a failed login followed by success rule:

  1. Log in to CA User Activity Reporting Module as an Administrator, and click the Queries and Reports tab.
  2. Search for the "Five Failed Logins by in Last 1 Hour by Performer" query.
  3. Run it and view the results. If there are results, proceed to the next step. If not, create a dummy user, log out, and create failed logins using the new dummy user.
  4. Export the query to CSV, and open the CSV file in Excel.
  5. Add other user details as needed. For example, add information to reflect the successful login.
  6. Save the CSV file when it has all the event information you need.
  7. Open the rule you want to test in the Library Explorer, and click the Rule Test tab in the details pane.
  8. Load the CSV file, and confirm that the proper incidents are created.
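
Steps 5 and 8 can also be prepared outside Excel. The following Python sketch is an added example, not CA code: it appends the successful login to an exported CSV and lists the users that should raise an incident, so you know what to expect on the Rule Test tab. The column names (`performer`, `result`, `event_time`), the `F`/`S` result codes, the timestamp format and the one-hour window are assumptions; replace them with the values from your own export and rule.

```python
import csv, io
from datetime import datetime, timedelta

# Column names and the F/S result codes are assumptions for this sketch;
# use the header row and values from your own exported CSV.
USER, RESULT, TIME, FMT = "performer", "result", "event_time", "%Y-%m-%d %H:%M:%S"

# Constructed stand-in for the export: dummyuser has 5 failures,
# otheruser has 4 failures and a success (must not raise an incident).
SAMPLE_EXPORT = "performer,result,event_time\n" + "".join(
    f"{u},{r},2024-01-01 10:{m:02d}:00\n" for u, r, m in
    [("dummyuser", "F", m) for m in range(5)]
    + [("otheruser", "F", m) for m in range(10, 14)] + [("otheruser", "S", 15)])

def ts(row):
    return datetime.strptime(row[TIME], FMT)

def append_success(csv_text, user, delay=timedelta(seconds=30)):
    """Step 5: clone the user's latest failed row as a later successful login."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    failed = [r for r in rows if r[USER] == user and r[RESULT] == "F"]
    if not failed:
        raise ValueError(f"no failed logins for {user!r} in export")
    new = dict(max(failed, key=ts))
    new[TIME] = (ts(new) + delay).strftime(FMT)
    new[RESULT] = "S"
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows + [new])
    return out.getvalue()

def expected_incidents(csv_text, threshold=5, window=timedelta(hours=1)):
    """Users with >= threshold failures, then a success, inside the window."""
    fails, hits = {}, []
    for row in sorted(csv.DictReader(io.StringIO(csv_text)), key=ts):
        recent = [t for t in fails.get(row[USER], []) if ts(row) - t <= window]
        if row[RESULT] == "F":
            fails[row[USER]] = recent + [ts(row)]
        else:
            if len(recent) >= threshold:
                hits.append(row[USER])
            fails[row[USER]] = []  # a success resets the failure streak
    return hits

if __name__ == "__main__":
    print(expected_incidents(SAMPLE_EXPORT))                               # before step 5
    print(expected_incidents(append_success(SAMPLE_EXPORT, "dummyuser")))  # after step 5
```

Keeping a user with only four failures followed by a success in the file, as `otheruser` is here, gives the rule test a negative case as well as a positive one.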