10-06-2010 02:03 PM - edited 03-10-2019 05:08 AM
Hi All,
Is there a way to know the list of all the signatures that the ips has triggered for the last 24 hrs.......i need just the signature id that the ips has triggered for the last 24 hrs......is there a way to know that?....any suggestions would be helpful.
Thanks
10-06-2010 05:24 PM
Hi,
If you have the IME installed on one of your machines and your IPS module added to the IME, you hsould be able to do the below:
1) Go to Reports.
2) Select "Top Signatures Reports".
3) Under here select "Basic Top Signature".
4) Specify the duration for which you want the report and then press "Generate Report".
5) You can also save the generated report.
If you have multiple IPS devices added to the IME, you can filter for the IPS module you wnat by going to the "Filter" tab and there under "Other Parameters", you should be able to specify the particular "Sensor Name(s)" that you owyuld like the report for.
Let me know if this helps!!
Thanks and Regards,
Prapanch
10-08-2010 08:49 AM
Hi,
Have you managed to try the above out? If there are no more queries, please mark this thrread as answered
Regards,
Prapanch
10-11-2010 03:58 PM
If you are just sitting on the CLI you can run
show event alert past 23:59
I'm sure there's a way to filter it down to just the signature IDs you're looking for.
- Robert
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: