Greetings fellow humans. I am implementing about 250 IPSs in a WAN environment and I am attempting to find a creative way to grab iplog files from a sensor given the Event ID; I will try to build this function in an Intranet web application that the SOC can log into and request log files from a central location for investigations.
The SOC receives alerts via ArcSight, which will give me the Event ID; I will first need to write a function to correlate the Event ID with the Log ID. Once I have the Log ID, then I just need to know the location of the log file, which I assume can be found with the Service account.
My question is, does anyone know where the log files are stored in the sensor?
For extra credit, does anyone have any ideas for correlating the Event and Log ID with a script?