Defining the "When?" Conditions

In the When? section of the Create Alert Rule page, you can define (or edit) what day and/or at what time the suspicious activity occurred.

The "When?" conditions can be configured only for alert type rules.

To define the "When?" conditions

  1. Open the When? section by clicking or the Edit icon.

    Before you begin, make sure that you have read the "Rules for Configuring Alert Conditions" described in Understanding the Logic for Defining Rule Conditions.

  2. To define (or edit) the time (specific date, range of dates, time of day, or days of the week) that the action occurred, select the relevant options, as described in the following table.

    If the Agent and the server are in different time zones, date and time alerts are based on Agent local time. This means that non-working hours in the Agent location might be regular working hours in the server's local time zone.

Options for Defining the "When?" Conditions

Field

Operator

Example Values

Day of week

is

is not

Saturday, Sunday

Time of day

is before

is after

is between

is not between

10:59am
(is between) 08:00am and 06:00pm

Specific date

is

is not

is before

is after

is between

is not between

20/4/2015, 22/4/2015
(is between) 25/4/2015 and 27/4/2015

Specific date and time

is before

is after

is between

is not between

(is between) 25/4/2015 09:00pm and 27/4/2015 06:00pm