Working Hours

Working Hours are used to detect unauthorized attempts to access protected systems and other forbidden operations after-hours. To set the Regular Working Hours for an event Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy., select a Time Object that you have configured from the drop-down list.

To create a Time Object:

1. From the Policy tab, select General Settings Objects > Time Objects.

2. Click Add.

3. Enter a Name and Description.

4. Select the days and times that are considered Regular Working Hours.

5. Click OK.

To assign a Time Object to an event:

1. From the Policy tab, select an event that requires a Time Object (for example, User Login at irregular hours in the Unauthorized Entry event category).

2. Select the Time Object you created from the drop-down list.

3. Select File > Save.