I haven't used the technology myself, but it looks as if you want the Add Log Entry action with the $MatchedContent variable.
If you are routinely running the logs through a utility like grep*, it might be an idea to add a few more variables like $MID and a token word "SPECIALRULE" to allow you to easily extract and process the hits.
Depending on your throughput, this may have some impact on your log file cycle rate.
* this assumes an external device; whilst far from useless, the CLI grep is quite tame compared to what's possible with a less limited shell.
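As an added example (not from the original post, and not Cisco's own code), here is a small parser that does the grep step above and pulls the $MID and $MatchedContent fields out of every entry tagged with the SPECIALRULE token; the mail_log line layout and the "Custom Log Entry" prefix are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample mail_log lines (not taken from the original post).
# The "Custom Log Entry" layout is ASSUMED to mirror what the Add Log Entry
# filter action writes; the SPECIALRULE token and the mid=/matched= fields
# follow the answer's suggestion of logging $MID and $MatchedContent.
SAMPLE_LOG = """\
Wed Dec  2 08:00:01 2020 Info: MID 1001 ICID 55 From: <alice@example.test>
Wed Dec  2 08:00:02 2020 Info: MID 1001 Custom Log Entry: SPECIALRULE mid=1001 matched=confidential
Wed Dec  2 08:00:03 2020 Info: MID 1002 ICID 56 From: <bob@example.test>
Wed Dec  2 08:00:04 2020 Info: MID 1001 Custom Log Entry: SPECIALRULE mid=1001 matched=project codename
Wed Dec  2 08:00:05 2020 Info: MID 1003 Custom Log Entry: SPECIALRULE mid=1003 matched=wire transfer
Wed Dec  2 08:00:06 2020 Info: MID 1002 Message finished MID 1002 done
"""

# One regex does the filtering grep would do and also captures the fields.
HIT_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) Info: MID (?P<mid>\d+) "
    r"Custom Log Entry: SPECIALRULE mid=(?P<mid2>\d+) matched=(?P<content>.*)$"
)


def extract_hits(log_text):
    """Return {mid: [matched content, ...]} for every SPECIALRULE entry.

    Lines without the token are skipped, so unrelated log traffic never
    reaches the report. A disagreement between the MID the appliance
    prefixes the line with and the $MID value the rule logged is raised
    instead of silently trusted.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = HIT_RE.match(line)
        if not m:
            continue
        if m["mid"] != m["mid2"]:
            raise ValueError(f"MID mismatch in log line: {line!r}")
        hits[m["mid"]].append(m["content"].strip())
    return dict(hits)


def summarize(hits):
    """List (mid, hit count) pairs, most hits first, for quick triage."""
    return sorted(((mid, len(c)) for mid, c in hits.items()),
                  key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    found = extract_hits(SAMPLE_LOG)
    for mid, count in summarize(found):
        print(f"MID {mid}: {count} hit(s) -> {found[mid]}")
```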
In case you are using a filter to move the offending message to a Policy Quarantine, you can also simply check that message in the quarantine; above the content there will also be a line showing which part matched.