How do i export the Trigger alarms or run the report on Trigger alarms...
We have been using the Trigger Alarms and would like to run metrics on the alarms... Your timely response is very much appreciated !!
Use can use Device Type ID 329 and filter out all events. Now you can see only triggered alarms. You can export the alarms directly now or you can run a report with device type ID as 329 and get the triggered alarms list.
I have tried but it export on all triggered alarm. How do I export based on specific time for the alarm triggered?
Suggest you to make a view for triggered alarms as Vinaya discussed and at the top there is a filter from there you can select the custom time option and fill whatever time interval you need..Accordingly do the same in configuring report and time interval option is also there at last,export your report..
I hope you will understand my words.
Ya it's quit useful.
But when i filtered based on the device type i was getting triggered alarm but the details are not accurate as per the alarm means it's not giving source IP address details in filter with device type 329 showing blank, but when i open alarm i was able to see IP address.
Creating a View and Filtering on Device Type ID 329 (McAfee > Triggered Alarm) does not return any values on our SIEM(s).
Where you using the Device Type ID in a Report possibly?
We are currently on v9.6.1 MR1