“Hello,
I am in process of using the NewsFeeder tool to replay back existing events into a new archive. Trying to filter out events from a previous date so that they do not become correlated when I replay the events. What format is the eventdate stored as so that I may construct my filter...”
“Hi,
I tested our SSIM failover configuration and had the following error in the sesa-agent.log. I tested what happens when I turn off the main appliance. After the third attempt the agent stopped working and nothing happen. If I change the failover retry attempt to 1 everything works fine.
...”
“Hi,
I have a question about doing a liveupdate for an off-box collector in a windows computer in spanish.
When I try to execute runliveupdate.bat I get the next error:
C:\Documents and Settings\Administrador>"C:\Archivos de programa\Symantec\Event...”
“Hi,
I've installed a Symantec Endpoint Protection Status event collector in SSIM and configured it to work with Sybase. I configured the property "Start reading from" in 'Beginning' and everything works fine. But the moment I change that property, and use 'end' instead, the collector...”
“I am administering the SSIM for my organization and, to be honest, my first impressions are not that great. I am trying to tweak the rules to minimize false positives but have been met with roadblocks time after time.
...”
“Hello,
Is there any way to specify the width of the columns in the reports? I would much rather dedicate a larger width space to the description, and perhaps let all other rows text wrap accordingly.
Thanks!
...”
“Hi, I just upgraded SSIM to 4.6.2 (Maintenance Pack 2) and when I try to log into the client I get the following message:
The notification service is not running. This service is required for security reasons.
The application will now exit.
com.symantec.sim.rx.RXAuthException: Unable to...”
“Hello,
I am trying to find out more information that what is listed in the available documentation.
1. What if any, system/software configuration for Windows Server 2003/2008 are needed
2. What is also needed (system requirements and software) for the workstations (windows xp)...”
“New to SSIM. I have made several changes to the correlation rules (ex. changed the Windows account lockout to excude a certain username who frequently gets locked out). However, even after making the change, I am still getting incidents based on these changes. Another examples is the Spyware Not...”
“Hi,
I am a newcomer in SSIM. I am doubted how Ironport sends its logs to SSIM. Would anyone please clarify it for me? The following is my configuration.
At IronPort, it is set to send syslog messages to SSIM.
...”
“Hi,Guys:
how can i scheduled atuomated fowarding events from a ssim to another's; for example, if i configurated the time range that the ssim would forwarding events to another ssim on schedule, it looks like a schedule liveupdate or sending reports.
it's vital importance and can you...”
“Any ideas, please share.
I have created a rule to alert me (via an email) when my vendors connect via VPN to my network. From the design console the rule works, but it fails to alert me when I push to rule out.
Anyone?
SSIM ver 4.6.1.24
...”
“I noticed that the Service Provider model only allows you to forward to a master SP from unique domains. Meaning, that you cannot forward incidents if the correlation machines are all under the same domain.
...”
3 days 12 hours ago
by DVorel