View details about a maximum number of offenses notification. On the System
Overview page, you find that the maximum number of offenses is reached. The notification
might be the result of a rule that was added or modified.
Notifications often accompany abnormal activity that you might want to investigate.
Procedure
1. Click the navigation menu icon, and then select System Overview from the list.
   By reviewing the system overview, you might find that the number of offenses reached the maximum
   limit and that there is a spike in activity.
2. Click the Maximum active offense reached notification on the graph to view the details.
   By reviewing the notification, you might find that the number of offenses reached the maximum
   limit and that new offenses can't be created.
3. Click the navigation menu icon, and then select Activity from the list.
4. From the Activity graph, click the same time range where the notification is displayed on the
   System Overview page.
   In the detailed list of activities for the time range that you selected, CRE rule was added is
   displayed in the list of activities below the graph.
5. Click the CRE rule was added activity item to view more information about the activity.

By reviewing the details in the notification panel, you find that a CRE Rule was added, which
could cause a spike in activity and the Maximum active offenses created
notification to display. By viewing the activity, you can determine whether the change that the user
made to the system is correct. You might find that the user made an error by adding all log sources
to the false positive building block, which caused no offenses to be created.