Search results

I need a solution I'm trying to figure out some way to get value out of the GIN watchlists.  By themselves the value is fairly low due to high false positive rates, but I was ...
Forum Discussion by mathell | 10 Feb 2012 | 4 comments
I need a solution I'm trying to write a query that will show me any unassigned incidents for a certain time period (actually, that is just the first step, what I'm really ...
This issue has been solved
Forum Discussion by mathell | 27 Jan 2012 | 8 comments
I need a solution Can anyone confirm that Windows events with event id 562, 682 and 615 have a mechanism of "application exploit"? event ID 562 = object handle ...
This issue has been solved
Forum Discussion by mathell | 16 Nov 2011 | 3 comments
I need a solution We have created a custom rule to trigger on Symantec SEP alerts.  We want to include the "actual action" from the alerts in the notification.  Unfortunately, ...
Forum Discussion by mathell | 12 Oct 2011 | 1 comment
I need a solution Can anyone provide some clarity around how to use regex matching in a correlation rule?  I found no reference to it in the 4.7 rules guide at all (oddly enough I did ...
Forum Discussion by mathell | 30 Aug 2011 | 3 comments
I need a solution Can someone confirm whether they have a source IP address for any Windows logon events?  Do a query with a filter of "Mechanisms contains login" and ...
Forum Discussion by mathell | 23 Aug 2011 | 12 comments
I need a solution We are struggling with the apparent lack of consistency in the parsing and storing of event data into columns for each device type. Is there a base set of columns we ...
Forum Discussion by mathell | 19 Aug 2011 | 5 comments
I need a solution I have the rule below. "Correlate By" is set to none. I want a new incident each and every time this event is seen.  I keep getting "incident ...
Forum Discussion by mathell | 15 Aug 2011 | 9 comments
I need a solution I've got a ton of "ip watchlist destination" and "ip watchlist source" incidents.  I've been watching them with curiosity for a few ...
Forum Discussion by mathell | 08 Jul 2011 | 4 comments