cancel
Showing results for 
Search instead for 
Did you mean: 
vijay16
Level 7

signature ID and Normalized id in SIEM

what is signature id and how to use signature id and what is normalized id and its uses ?

0 Kudos
2 Replies
Peacekeeper
Level 20

Re: signature ID and Normalized id in SIEM

Moved to SIEM forum for a better chance of help

0 Kudos
abanaru
Level 11

Re: signature ID and Normalized id in SIEM

Signature ID is the identification number of a rule which can successfully parse an event (signature and rule are synonyms in mcafee siem) .

The normalized ID is the identification number of a group in which some signatures mean the same thing (login of an user via SSH, login of an user via FTP - they are both logins so their normalized id will be the same).

Both are used when filtering events in dashboards.

0 Kudos