cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 3

SIEM Health Related Sig IDs I found helpful for Alarms&Reports

306-1Backup Configuration Change
306-2Backup Performed
306-4Event Partition Detach
306-5Flow Partition Detach
306-6Data Retention Configuration Change
306-7Data Allocation Configuration Change
306-8Indexing Configuration Change
306-11User Login
306-14User Account Change
306-15Policy Add
306-16Policy Modify
306-17Policy Delete
306-18Device Add
306-19Device Delete
306-20Rule Add
306-21Rule Modify
306-22Rule Delete
306-23Variable Add
306-24Variable Modify
306-25Variable Delete
306-28EPO Tags Applied
306-31Failed User Login
306-32ESM Reboot
306-34Log Partition Rolled Off
306-50File Deleted
306-52VA Data Engine status aler
306-50010McAfee EDB database server state change alert
306-50017User Device Login
306-50023SNMP collector state change alert
306-50027Health monitor internal alert
306-50034OPSEC retriever state change alert
306-50043VA Data Engine status alert:
306-50047The logging of data to the ELM is significantly behind.
306-50054A RAID error has occurred
306-50077Error in SSH communication  
306-50079User Device Failed Login
306-50080A physical network interface connection has been made or removed
306-50085System integrity check failure
306-51Get VA Data Success
329-10ACE Status Change Alarm
2 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 3

Re: SIEM Health Related Sig IDs I found helpful for Alarms&Reports

306-50027Health monitor internal alert
Process filterctl is not running.
The subsystem has recovered (Filter Control).
The subsystem has recovered (Collectors Control).
The subsystem has recovered (Parser Control).
Failed to get status from parsersctl.
Failed to get status from collectorsctl.
Failed to get status from filterctl.
Highlighted

Re: SIEM Health Related Sig IDs I found helpful for Alarms&Reports

We found this also comes up for the 306-500727 Health monitor internal alert:

     Bad data files detected; they have not been fully parsed!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community