Symantec SIM
Created: 25 Jul 2010 | 4 comments
I have a new Symantec SIM. It is generating wrong alerts for Checkpoint firewall and other network devices which are not installed in our network. Could anyone explain the steps to remove these false events, as these events flood the SSIM?
Comments
You need to tune your rule to make it fit your environment. Disable the default system rules, and create your own rule to monitor those events.
how to custom tune SSIM
Sorry for the late reply.
Could you please tell me the steps for how I tune this parameter, as I am new to this SSIM hardware?
Look at those incidents which you believe are false positives, and compare them with the real incidents, to find out the unique field value for FP and real incidents. Add a filter to the rule you created.
Sorry, without knowing your environment and real events, it is hard to explain how to tune the rules. You may want to look at some Symantec documentation about how to create your own rule.
Customize Events
Dear all,
Could you please tell me how I colour severity in SSIM?
e.g.
Severity 5 incident ---> Display with RED colour
Severity 4 incident ---> Display with Blue colour
etc.
or
I can customize the events in the dashboard by creating templates for each appliance and then apply color to these incident severities.