Hi Hemant,
Log source groups are only good for offenses of event type. If you have flow offenses, then your filter by log source group will not work.
I suggest you create your network hierarchy, and then create an offense report monthly based on your network hierarchy. This way, you'll catch both event and flow offenses in the same report. Also, you can set your report to run each month automatically without any effort ;)
I hope this helps.
Regards,
------------------------------
Anthony Gayadeen, Videotron Ltd
Montreal QC
------------------------------
Original Message:
Sent: Thu July 11, 2019 11:17 AM
From: Hemant Kumar
Subject: How to extract offense generated based of log source groups?
Greetings All,
We have multiple(~11-12) log source groups created based on locations. for eg, Dubai, Spain, US, etc. The ask is to track (on a monthly base) the number of offenses generated per market(log source group).
I tried to get the count from Offenses tab under "By Network" but that doesn't provide a working solution.
Wondering if someone is aware of any AQL search or any other way which can be used to get this info?
Thanks,
------------------------------
kh
------------------------------