Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I got spam too much Alert Critical for PROXY_AUTH in Azure Sentinel. This is the highest alert so i can't remove this, i want setting in Cisco WSA but i don't know where to exclude this alert in WSA.
Hi there,
i got Cisco Firepower eStreamer Disconnected unexpectedly. i don't setting anything for this eStream, but unfortunately i got disconnected. but my CEF via AMA successfully connected. i try to run "./encore.sh test" and it say success. Also...
My name is Zake and i want to ask how to setting severity in Cisco Estream, i use Cisco Firepower 3120 and want ingest log to Azure Sentinel. I was successfull to ingest log but there is too much log i got, when i see there is too much information se...
Sorry but when i check it again i got 2 errors, it says :
1. verify_oms_agent_not_running-------------------> Failureand the second one
2. Could not locate CEF message in tcpdump. Please verify CEF events can be sent to the machine and there is not...
Already setting minimum severity in DCR in Azure Sentinel, but log firewall still ingest informational. I mean if 71 is not too critical i can exclude that, but i need to exclude what code more except 71 ?
I got confused whatever informational code except 71, already read the documentation you give me link but still confused.Would you please give me all informational code ? i want to amke it only WARNING to CRIT severity