9-16
PollCat NetLink-VIP & PollCat NLJ-VIP - User’s Guide
Example 2: After Hours Long Distance Calls.
This clue counts long distance calls placed after 6:00 pm and before 7:00
am. This type of call could indicate that a hacker has obtained an access
code for an outside line and is using the line to dial long distance numbers
after work hours.
For this example, assume the Alarm Filter Format is defined as shown
in Figure 9.8. Note that the first three lines in Figure 9.8 are sample call
records, and the fourth line is the Alarm Filter Format. The variables B, C,
and E are not used for this clue.
Where:
A
is the time the call was received or placed.
D
is the first seven digits of the number dialed.
Match Parameters for this Alarm Clue would be defined as follows:
(A>18:00+A<07:00)*D=1------
Where:
(A>18:00+A<07:00)
Counts calls placed after 18:00 or before 07:00.
*
is the logical AND operator.
D=1------
Counts calls where the first digit of the number dialed is
"1". Note that the remaining 6 digits are entered as wild
card characters (-).
|19:18|067|R.JONES |OUT|12145551234 |25:36|04.75|
|19:20|092|J.SMITH |OUT|18008547226 |01:07|00.00|
|21:21|002|R.JONES |OUT|12135551212 |30:15|05.75|
-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------
Figure 9.8: Alarm Filter Format; Match Parameters Example 2
Summary of Contents for PollCat NetLink NLJ-VIP
Page 2: ......
Page 16: ...2 4 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 28: ...4 8 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 90: ...7 26 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 126: ...10 6 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 140: ...13 8 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 150: ...15 6 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 252: ...Apx 22 PollCat NetLink VIP PollCat NLJ VIP User s Guide...
Page 263: ...Index 11 Index...
Page 265: ......