For "IP Address matching" enVision checks the circuits in the Correlation Rule Logic only when the IP address matching criteria is met. For "Threshold Definitions" Event thresholds can be defined in terms of the following:
A specific number of events are received within a specified time period.
The total number of events received is either greater than or less than either the selected event average or event baseline
The absence of events being received. If you normally receive a specific message and you do not receive one for a user-specified period of time, this constitutes an alert. (This threshold definition is only used for correlation statements.)
If you want to consider every event received for that message as an alert, then no threshold is set.
Each time a threshold is met within the time frame enVision issues 1 alert, and resets the event count for the threshold. For example, depending on how you set up the threshold criteria, if the threshold criteria is met 3 times during an hour, enVision issues 3 alerts.
Related Articles
Error: The system cannot locate the specified RDN 'DC=x, DC=y' in the external identity source 'example. Verify that the d… Number of Views RSA Governance & Lifecycle Services 101: Dynamic Reports & Charts - What are they and how do you use them? Number of Views How do you map Active Directory LdapErr codes to Access Manager authentication result codes? Number of Views What is the difference between RSA ACE/Agent 5.x for UNIX and a Communications Server? Number of Views Does RCM have any vulnerabilites by using MD5 for referencing objects in the administration console? Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8 RSA-2026-04: RSA Governance and Lifecycle Security Update for SUSE Linux Enterprise Server Vulnerabilities RSA Governance & Lifecycle 7.5.2 Administrator's Guide
