
Search results

I need a solution I'm trying to figure out some way to get value out of the GIN watchlists.  By themselves the value is fairly low due to high false positive rates, but I was ...
Forum Discussion by mathell | 10 Feb 2012 | 4 comments
I need a solution I'm trying to write a query that will show me any unassigned incidents for a certain time period (actually, that is just the first step, what I'm really ...
This issue has been solved
Forum Discussion by mathell | 27 Jan 2012 | 8 comments
I need a solution Can anyone confirm that Windows events with event id 562, 682 and 615 have a mechanism of "application exploit"?   event ID 562 = object ...
This issue has been solved
Forum Discussion by mathell | 16 Nov 2011 | 3 comments
I need a solution We have created a custom rule to trigger on Symantec SEP alerts.  We want to include the "actual action" from the alerts in the notification.  Unfortunately, ...
Forum Discussion by mathell | 12 Oct 2011 | 1 comment
I need a solution Can anyone provide some clarity around how to use regex matching in a correlation rule?  I found no reference to it in the 4.7 rules guide at all (oddly enough I did ...
Forum Discussion by mathell | 30 Aug 2011 | 3 comments
I need a solution Can someone confirm whether they have a source IP address for any Windows logon events?  Do a query with a filter of "Mechanisms contains login" and ...
Forum Discussion by mathell | 23 Aug 2011 | 12 comments
I need a solution We are struggling with the apparent lack of consistency in the parsing and storing of event data into columns for each device type. Is there a base set of columns we ...
Forum Discussion by mathell | 19 Aug 2011 | 5 comments
I need a solution I have the rule below. "Correlate By" is set to none. I want a new incident each and every time this event is seen.  I keep getting "incident ...
Forum Discussion by mathell | 15 Aug 2011 | 9 comments
I need a solution I've got a ton of "ip watchlist destination" and "ip watchlist source" incidents.  I've been watching them with curiosity for a few ...
Forum Discussion by mathell | 08 Jul 2011 | 4 comments