SSIM 4.7 - Creating Rules - Symantec Event Code
Created: 13 Jul 2010 | 2 comments
Hi, I'm reading about multicondition rules in the manual Symantec_Security_Information_Manager_User_Guide.pdf, and on page 92 there is an example that uses Symantec Event Code 722. Where can I obtain this list so that I can write my own rules?
Tks!
Comments
Hi Aveiga,
Symantec doesn't provide a list of Symantec Event Codes.
The only way you can obtain a list of Symantec Codes is to create your own query based on unique Symantec Event Codes over the last N days/months; then you will have a list of all Symantec Codes that are collected in SSIM.
I suggest creating another query based on Vendor Signature too. The best way is to export the selection to XLS; then you will have a base for creating Queries or Correlation Rules...
Is there any guide to collect those Symantec Codes?