cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 2
‎06-30-2010 01:29 PM

Display filters in NSM 5.1

Hi,

I m new to this forum and was finding out an way to find exactly where does the "Display Filters" created from the Alerts in Real Time TA get saved in the local hard drive.

I could find the saved views from the " C:\Documents and Settings\USERNAME\McAfee\NetworkSecurityManager\NAMEOFNSMMGR\ThreatAnalyzer" as "savedviews.xml" and preferences as "preference.xml"

I know, If Display filters properly configured can reduce the task of digging into the thousands of alerts.

But every time with the local java cache and the NSM folder being deleted for some reason, the created display filters seems to be disappearing.

If i could find the file where the display filters get saved, then i could manually backup the file and import back if the cache is deleted for some reason.

thx

srini

Message was edited by: srinivasang06 on 6/30/10 3:30:37 PM CDT
0 Kudos
Reply
1 Reply
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 2
‎10-04-2010 05:07 AM

Re: Display filters in NSM 5.1

Hi Srini,

You may have solved this issue already but here are a few pointers that may help:

This is something that we have looked at as well and have little success in finding where these settings are saved. Like you we looked into the settings folder and backed up the XML files but as you say they don't work.

You say that you have to dig through thousands of alerts?

Surely if you are swamped in alerts then investigating them and finding out which are false positives due to normal network traffic would be the best way forward?

If you have a policy on your devices that encompasses the "All inclusive with audit" rule set then this is a must!

A quicker way to "filter" the events though if tuning is not an option, is to right click on an event that you do not wish to see and select the "hide" option. This will filter the view and present you with the view minus the hidden alert.

Alternatively, try the "group by" option on the top right of the TA and sort them by attack name, Source IP etc...

Hope this helps...

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC