2016-03-02 04:59 AM
Hi,
I have integrated almost 10 Windows machines using the Snare method, but when I check the logs from those machines, all the logs from the Windows machines are being detected under "ciscorouter".
I opened a case regarding the same with RSA CS, and as per them, their engineering team is working on the same to fix it.
But here is the problem: the customer can't live with this kind of issue for too long.
So is there anyone who has faced the same issue and resolved it?
Kindly advise.
Regards,
Deepanshu Sood.
2016-03-02 11:42 AM
Hi, can you paste some anonymised log samples so that we can take a look?
2016-03-02 12:43 PM
2016-03-03 01:17 AM
Hi David,
My issue is solved now and almost 80% of the logs are going under the right parser, i.e., winevent_snare.
I followed one solution available on the knowledge base, applied the same, and the issue got resolved.
Thanks for your suggestion.
Regards,
Deepanshu Sood.
2016-03-03 01:27 AM
Hi Deepanshu,
I'm glad to hear your issue was fixed. Do you happen to remember which knowledge base article resolved your issue?
Thanks,
Jeff
2016-03-03 01:33 AM
This is the one. Thanks.
Regards,
Deepanshu Sood.