• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

Time range conditions for policies for events generated in server does not works

andresmcandresmc

Hi all,

I am implementing some controls in AlienVault OSSIM and I think I have discovered a bug.

I am controlling the logins during non working hours. For this purpose I have created a directive to unify some logins events and a policy to catch this directive and execute a script as a consequence. The problem is that everything works fine except when I include a time range. The policy does not take into account the time range that I have set up as a condition, the policy execute the script every time that a login directive is catched regardless of the time.

I have noticed that this "problem" affects me only when I configure a policy based on a directive (policies for events generated in server), if I create the same policy directly based on events the time range does works perfectly.

Maybe there is something that I am missing and that is the reason of my problem, but I am trying to be as simple as I can, and there is no an explanation :-/

This is the simple directive I have created:
1

And this is the policy:
2

Many thanks in advance!

Andrés.



Share post:

Comments

  • Ok, I have found the reason. The "problem" (or what I have been missing) is the order of the policies. A previous policy has been blocking it, so reordering them it has been fixed.
Sign In or Register to comment.