12-10-2014 10:58 AM - edited 03-12-2019 05:36 AM
Can someone please describe and provide a definition and the differences of a connection event and an intrusion event, as seen in Sourcefire's Defense Center..
Thank you,
12-17-2014 07:03 PM
Connection events are the records of any connection that occurs on a monitored network. This can be an Access Control Policy, File Policy, IPS Policy, etc.
An intrusion event is a subset of connection events that matches a configured Snort rule in the IPS policy configuration. An intrusion event will occur when a connection event matches a configured signature in your IPS policy.
12-26-2014 02:00 PM
Hello friends,
Please, allow me to resurect this old post. I have already installed CSM 4.4 and now I am able to manage an ASA. I have already configured according to the nex User Guide:
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-4/user/guide/CSMUserGuide_wrapper/evntchap.html
I am not able to see the events in the Event Viewer client. Would any body suggest me how to troubleshoot this?
Regards!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide