12-08-2008 09:56 AM
I had a mis-configured drop rule that logged to the DB.
Is it possible to go back and review the event in the DB to get the info from the attack?
Solved! Go to Solution.
12-09-2008 07:33 AM
With the risk of telling you something you already know...events "logged to DB" are excluded from the incident process but processed when creating reports, so one solution in this case would be to set up a raw data report to see what exactly was logged.
/Fredrik
12-09-2008 07:33 AM
With the risk of telling you something you already know...events "logged to DB" are excluded from the incident process but processed when creating reports, so one solution in this case would be to set up a raw data report to see what exactly was logged.
/Fredrik
12-09-2008 08:10 AM
You and I had similar ideas. I pulled the raw logs and it was able to answer my questions.
Sorry it was late in the day or I would have replied earlier.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide