cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Change Data Source Rule Name

Hi

I want to change the rule name from Data Source Autolearned

When I write a new name for a Data Source Rule Name, this name is manteaining a few days, but after these few days it's deleted.

How can I do this name change?

Regards

4 Replies
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: Change Data Source Rule Name

@aortizma 

Please have a look on the below thread which has the issue described and solution is updated.

https://community.mcafee.com/t5/Security-Information-and-Event/Modify-Data-Source-Rule-Normalization...

I hope the above information helps. You may accept this as a solution in case if this resolves your issue.

Cheers!!!!

Venu

Re: Change Data Source Rule Name

Thanks, but it's not exactly that I want.

My problem:

I've got a lot of WebLogic servers, with a lot of BEA CODE error like these:

https://docs.oracle.com/cd/E24329_01/doc.1211/e26117/chapter_bea_messages.htm

I've only one generic rule enable that parsing all weblogic events:

\x3c([^\x3e]+)\x3e\s+\x3c(Trace|Debug|Info|Notice|Warning|Error|Critical|Alert|Emergency|Verbose)\x3e\s<([^>]+)>\s<([^>]+)>\s<([^>]+)>.*(BEA-[^>]+)

In fields assigments I want one signature description for each BEA ERROR, like these:

Captura.JPG

But after this, I want to change the name of these rules, like these:

Captura2.JPG

But only a few rules mantain the new name after two days, other names, change automatically again

Regards

 

Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: Change Data Source Rule Name

Can you give us a screenshot of your parsers mapping? I think you might be mapping Signature ID/Name.

Brent
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: Change Data Source Rule Name

1- Be sure to rollout the rules!

2- be sure to insert the new rules on top of the old rules in the "ASP order" configuration tab.

 

Best regards 👍👍👍

David.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community