Brothers,
We have ArcSight integrated with SEP, and in the reports (ArcSight-generated for SEP) I find a few events and logs coming in; please check them below. I need to know the details of these logs: what exactly they mean, why we receive such logs, and what action can be taken to minimize them.
Some of the events are as follows:
Intrusion Detected (TSLOG_SEC_INTRUSION_DETECTED)
Host Integrity failed but reported as PASS
Host Integrity passed (TSLOG_SEC_AV) 22524
Host Integrity failed (TSLOG_SEC_NO_AV)
Risk submitted 156
Potential risk found
Thanks in advance and best regards,
Yahiya Siddiqui