Endpoint Protection

 View Only
  • 1.  Events logs

    Posted May 19, 2009 08:04 PM

    Brother's ,

    We have Arcsight integrated with SEP where in reports(Arcsight generated for SEP) I find few Events & logs coming please check them below , I need to know the details for this logs what they exactly mean why do we receive such logs and what action can be taken to minimize them.

    Some of the events are as follows..

    Intrusion Detected (TSLOG_SEC_INTRUSION_DETECTED)
    Host Integrity failed but reported as PASS
    Host Integrity passed (TSLOG_SEC_AV) 22524
    Host Integrity failed (TSLOG_SEC_NO_AV)
    Risk submitted 156
    Potential risk found

    Thanks in advance and best regards,

    Yahiya Siddiqui



  • 2.  RE: Events logs

    Posted Jun 10, 2009 01:20 PM
    Are you still seeing these errors in Arcsight? If so, can you provide more data, screenshots?
    Are you seeing the exact errors in the SEPM? Can you post those logs here?