I am implementing some controls in AlienVault OSSIM and I think I have discovered a bug.
I am controlling the logins during non working hours. For this purpose I have created a directive to unify some logins events and a policy to catch this directive and execute a script as a consequence. The problem is that everything works fine except when I include a time range. The policy does not take into account the time range that I have set up as a condition, the policy execute the script every time that a login directive is catched regardless of the time.
I have noticed that this "problem" affects me only when I configure a policy based on a directive (policies for events generated in server), if I create the same policy directly based on events the time range does works perfectly.
Maybe there is something that I am missing and that is the reason of my problem, but I am trying to be as simple as I can, and there is no an explanation :-/