SIEM Running with Version 11.4.2 - Alarm Report Generation
At our site, we created alarms that trigger based on Signature ID for various alerts (User Account Created, Disabled, Deleted, Lockout). They trigger mails to our mail server with the summary only, and the mails don't give the full host and user details. In the ESM Alarm dashboard we are able to see all the details (username, host name, etc.).
We would like to know how we can get the same details that are available in the ESM into the mail.
Re: SIEM Running with Version 11.4.2 - Alarm Report Generation
Are these Field Match Alarms or Internal Event Match Alarms? I am guessing that they are Field Match Alarms; the issue with the field match for Account Created would most likely be that the stringmap table is not being updated fast enough for the email. However, if this is an Internal Event Match and the fields are being left blank, or it is showing the same for the disabled, deleted and lockout alerts, where the user name should already be in the stringmap table, please reach out to technical support and open a case, as this will need to be investigated.