Environment
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Sun Solaris 9
Novell Sentinel 5.1.x
Novell SUSE Linux Enterprise Server 9
Situation
How can I find out how many incidents are created by a specific correlation rule?
Resolution
From an SQL prompt, run the following query. It joins each event to its agent, then to the incidents it belongs to, and groups the rows by the events.rt2 column, which carries the correlation rule identifier, so one count is returned per rule:
sql> select count(*), events.rt2
from events, evt_agent, incidents_events, incidents
where events.agent_id = evt_agent.agent_id
and (evt_agent.st='W' or evt_agent.st='C')  -- keep only agents in state W or C
and incidents_events.evt_id = events.evt_id  -- event -> incident link table
and incidents.inc_id = incidents_events.inc_id
group by events.rt2;  -- one row per correlation rule
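The query above returns one row per rule, and count(*) counts joined event rows, so an incident that holds several events from the same rule is counted once per event. As an added example that is not part of the original TID, the same join restricted to a single rule name and counting distinct incident ids instead; the table and column names are those used in the article's query, and the rule name literal is a constructed placeholder:

```sql
-- Added example, not from the original article.
-- Assumes events.rt2 holds the correlation rule name, as in the query above;
-- 'PLACEHOLDER_RULE_NAME' is a constructed value to replace with the real rule.
select count(distinct incidents.inc_id) as incident_count,
       events.rt2                       as correlation_rule
from events, evt_agent, incidents_events, incidents
where events.agent_id = evt_agent.agent_id
  and (evt_agent.st = 'W' or evt_agent.st = 'C')
  and incidents_events.evt_id = events.evt_id
  and incidents.inc_id = incidents_events.inc_id
  and events.rt2 = 'PLACEHOLDER_RULE_NAME'
group by events.rt2;
```

Comparing this result with the count(*) figure for the same rule shows how many events per incident that rule typically contributes.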