cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Shankar1
Level 7
Report Inappropriate Content
Message 1 of 3

SIEM Running with Version 11.4.2 - Alarm Report Generation

Hi,

In our Site, We created the triggering of Alarms based on Signature ID for various Alerts(User Account Created, Disabled, Deleted, Lockout) and it triggers mails to our Mail Server with Summary Only and it doesn't give the full details of the Host and User details. In ESM Alarm dashboard we are able to see all the details(Username, Host name etc.)

We would like to know how can we get same details available in the ESM to the Mail.

 

 

2 Replies
erelleke
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: SIEM Running with Version 11.4.2 - Alarm Report Generation

Hi,

Are these Field Match Alarms or Internal Event Match Alarms? I am guessing that they are Field Match Alarms, the issue with the field match for Account created would most likely be that the stringmap table is not being updated fast enough for the email. However, if this is an Internal Event Match and the fields are being left blank or it is showing the same for the disabled, deleted and lockout where the user name should already be in the stringmap table. Please reach out to technical support and open a case as this will need to be investigated.

Thank You,
Eric
Shankar1
Level 7
Report Inappropriate Content
Message 3 of 3

Re: SIEM Running with Version 11.4.2 - Alarm Report Generation

Hi,

I found the solution and it was working as expected.

Thanks & Regards

Shankar.E

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community