1 Reply Latest reply on Apr 6, 2017 4:02 AM by abanaru

    ESM 10.0.1 - All PCI pre-defined views shows empty data - event data of the proper type are present for each device in scope



      I need to generate views for PCI compliance 10.2.x. related to network and firewall devices (all Cisco IOS and ASA). I have created a group containing all the relevant devices and I can see that all the events are properly parsed using built-in parser for Cisco IOS and Cisco ASA devices. I can see in the parsed events that login/logoff events are present, events related to configuration changes are present and so on, nothing is reported as "unknown event".

      If I choose any of the predefined views under Compliance>PCI the result is always an empty dashboard regardless the time frame chosen...(even selecting "All").

      I don't expect this to work out-of-the-box but I'm also not expecting to have to start completely from scratch... How can I troubleshoot this issue? Is there a way to see what queries the PCI predefined views do?