How can I get firewall events in the threat event log? We have got IPS events, but not the firewall. For example, we do not allow remote desktop (RDP 3389), but there is no event for that if someone tries to use RDP!
Firewall events can be logged and queried in ePO. When you create a block rule in the firewall, however, you have to mark the box that says 'treat match as intrusion'. At least this is so in HIPS 7... not sure about 8. I have verified this with testing recently.
Have you looked under Menu - Configuration - Server Settings - Event Filtering?
You may need to checkmark event 1096 - Port blocking rule detected and NOT blocked.
Al,
The firewall is not a loggable event. Only IPS events are logged. Firewalls are logged on the clients only...
Regards,
Fichael
Is the firewall enabled?