I am on ESM 9.3.2. Does anyone know if it is possible to classify, tag, or put a higher severity on certain data sources? I would eventually like to create an alarm or correlation rule on a specific set of assets.
You can tag assets identified by Source IP using the Asset Management interface; you can select assets by tag in Views using the Tag option in the Source IP or Destination IP filter.
I'm not sure whether this works in all possible filter construction dialogues but it's a reasonable starting point.
Hmmm... cannot insert image; can select image file but upload button greyed out. Will try to clarify anyway.
In the View Filter panel if you select the Filter Variable Funnel symbol you will get a dialogue with various tabs - Variable, Assets, Asset Groups, Tag, Watchlists. The Assets, Asset Groups, and Tag tabs allow you to select based on details applied to the assets in the Asset Manager view.
In the Asset Manager view you can create your own Tags and Tag Groups to slice and dice the assets any way you want. I think the 'Asset' in this case is really just the IP address rather than the fully qualified domain name, so DHCP can make life miserable.
This works for Source IP and Destination IP; it may work for other filter fields, but the only way to find out is to just look.
The online 'help' calls it the "Filters pane". It is the panel/pane that occupies the right-hand side of the ESM console running from top to bottom called "Filters".
At the top of the ESM console between 'options' and 'logout' you will see 'help'... click that and click the "Getting started" > "Navigating the ESM console" topic and that should display help on the main screen components.