
[ISSForum] Question about Documentation



I will make the assumption that you are referring to events within the SiteProtector Console.

1) If you wish to see this information from the analysis view you may Right click on any Column Tab and select Add/Edit Tag Name Filter(s).  (You may also get there by clicking the filled blue funnel above your tabs.)  Here you may select SEVERITY, and filter by Severity.  When you are done viewing this filtered view, click the middle funnel to clear the analysis filters (except time).

2) If you wish to see this information for all events, you may do so as follows:
	From within policy, select Network IPS, and open Security Events.  
	Right-click the Severity Column title and select Group By.  (You may also wish to add or remove columns in the list depending on your needs.)

3) Lastly (as per my previous post), 
	Right-click the Security Event Icon, and Export all.  
	Choose a name for your export, and do not add an extension.  
	Open this file with Microsoft Excel, as an XML List, after which you may filter by whichever column you wish.

 

-- 
Pete Marion
Commonwealth of Pennsylvania
Information Systems
Technology Engineering
Security Architecture
(717) 214-6581

Excellent firms don't believe in excellence, only in constant improvement and constant change.
-Tom Peters

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

		From: "Henderson, Henry" <Henry.Henderson@xxxxxxxxx>
		Subject: [ISSForum] Question about Documentation
		To: <issforum@xxxxxxxxxxxxxxxx>
		Message-ID:
			<AC782EFA11EA304A88737C6F369FF5DC0C4A8658@xxxxxxxxxxxxxxxxxxxxxx>
		Content-Type: text/plain;	charset="US-ASCII"

		I am trying to get a list of the various severities (High, Medium, and Low) with each one defined by category.  I have looked at the help documentation and copied the A thru H and the I thru Z tag names, only the High show what severity, which sensor, category and tag name. Medium and Low show severity, sensor, and tag name, but do not show category?  Help!

		Categories:
		*	Denial of Service
		*	Host Sensor
		*	Pre-attack Probe
		*	Protocol Signature
		*	Suspicious Activity
		*	Unauthorized Access Attempt
		
		Henry Henderson
		Network Security Analysis
		Missouri Office of Administration
		Information Technology Services Division
		Information Security Management Office
		573-526-6923

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxxxxxxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.