I’m trying to create a Building Block that will allow me to add two sets of information(tests)
1) IP addresses of a known server types
• I was going to use this test: “when the source is one of the following IP addresses” to add the list of IP address
2) Username of known accounts used by an application to login to a server
• I’m not sure what test to use to allow me to add a list of multiple usernames
The situation is that an application (used on multiple servers) scans the network for systems on the network and when its client software is not found running on that system it attempts to login and then install the client software. There are a list of usernames it tries to authenticate with that often generates login failure events. I wanted to create a BB: that would allow me to list those IP address and then the list of usernames it attempts to login with.
-------Posted BY William Tisch
SystemAdmin 110000D4XK184 Posts
Re: two options2013-02-21T09:39:08ZThis is the accepted answer. This is the accepted answer.If the usernames follow a pattern like "NameOfApp1", "NameOfApp2", etc you could probably use the "when the username matches the following regex" test.
Or you can always fill a reference set with the usernames and use the "when any of these properties are contained in any of these reference set(s)" test.
Posted By travis.mcwaters