I'm struggling to get Security Analytics to give any really useful
reports. I'm employed where we have FTI data stored across multiple
servers, segmented & firewalled heavily; I'm just trying to come up with
a simple graph showing user activity on ea...
Currently using Security Analytics 10.4. I'm running a daily report on
password changes by non-owner, i.e., user changes a different user's
password. The predicate clause is: alert.id = 'account:modified' &&
category = 'user account management' && device...
I don't know that I have any security concerns with using an LDIF file
to bulk load. I think the only real difference between 1, 2 for me is
that the Network Support folks might get testy if the bulk load swamps
available network bandwidth during ini...
Options 1, 2 both seem useful from my perspective; the initial bulk load
would make the meta creation a bit faster (it would seem) after
bootstrapping since we would (probably) not see an initial surge in LDAP
activity during lookup of user data. As an...
I'd like to know a bit more about this: I can't seem to get this working
(which may be related to being in a "shared-services" set up, but let's
not get ahead of ourselves). Use Log Collector's your URL
(http:///.feed) while configuring the push to
I've been struggling with this one for a while; it's compounded by our
lack of a packet decoder. You probably want to create custom alerts
based on your various logs and then write a custom parser (lua) that
does your correlation for you and populate...
This is just a report; I'm fairly certain that you don't need to go to
the trouble of creating a custom meta key. Just create a rule that
selects device.type, then lookup_and_add device.host and dedup it.
Aggregate by Event Count and you've got a pr...