09-10-2002 01:46 PM - edited 03-09-2019 12:15 AM
Hello All,
I used IDM to create some filters on a number of signatures. It works great to filter out false positive alarms. How do I populate these filters to my CSPM? Any help will be greatly appreciated.
Thanks,
Damien Dinh
09-15-2002 05:01 PM
Using IDM and CSPM to manage the one sensor is not a supported configuration, although it generally should work. Be aware though that any changes you make via IDM are going to be erased the next time CSPM pushes out the config.
There's really no easy way to get these into CSPM other than to delete the sensor out of your configuration, then add it back in with the Add Sensor Wizard, making sure to click the "Capture Sensor configuration" checkbox when you do so. CSPM should then go and get the configuration from the sensor and copy it all in, including the filters.
As I said though, be careful when using IDM and CSPM on the one machine.
09-15-2002 07:50 PM
A possible solution.
IDM will have created RecordOfExcludedPattern and possibly RecordOfIncludedPattern tokens in packetd.conf.
Copy these entries and paste them into the Epilogue within CSPM for that sensor.
CSPM will then add these lines to the bottom of the CSPM created packetd.conf file.
It doesn't give you the ability to modify them through CSPM's Filter Tab. Instead you will have to edit them directly in the Epilogue window.
Over time you can take one line at a time and see if you can create a CSPM equivalent filter in the CSPM Filter Tab.
Some lines cannot be supported by the CSPM Filter Tab and will have to remain in the Epilogue window.