In the event of an SA Appliance failure, when I RMA the box, how do I
restore the appliance to its original, pre-failure state without having
to rebuild the configuration from scratch? If there is catastrophic
failure, without some type of backup or ...
I uploaded the Shellshock-public.parser. I see it in in Config ->
Parsers tab. I do not see it in Config -> General tab, device parcers
configuration. It was pushed to all my decoders. I also restarted the
services on the decoders. What am I missing?...
We are running RSA SA, ESA and Archer. In Archer I have an alert for:
possible_webshell grouped by source IP: xxx.xx.xxx.xxx, the destination
IP:xx.xx.xxx.xxx and the rule:possible_webshell. I go to SA and do an
investigation. Now what? How do I conf...
One of our log hybrids is ingesting firewall logs. Is it possible to
export all of the firewall logs for June, for example? We also have
Archiver. I am not sure from where to get the logs, if I can get them at
all. Any help is appreciated.John
Good Morning,We have about 1600 windows servers in multiple domains with
the snare client sending to a central syslog server that forwards to one
of our log hybrids. I am only seeing around 700 servers getting to the
log hybrid. I need to determine w...