2 Replies Latest reply on Oct 16, 2015 4:23 PM by trekkiecat

    SIEM Health Related Sig IDs I found helpful for Alarms & Reports

    yd9038
      306-1  Backup Configuration Change
      306-2  Backup Performed
      306-4  Event Partition Detach
      306-5  Flow Partition Detach
      306-6  Data Retention Configuration Change
      306-7  Data Allocation Configuration Change
      306-8  Indexing Configuration Change
      306-11  User Login
      306-14  User Account Change
      306-15  Policy Add
      306-16  Policy Modify
      306-17  Policy Delete
      306-18  Device Add
      306-19  Device Delete
      306-20  Rule Add
      306-21  Rule Modify
      306-22  Rule Delete
      306-23  Variable Add
      306-24  Variable Modify
      306-25  Variable Delete
      306-28  EPO Tags Applied
      306-31  Failed User Login
      306-32  ESM Reboot
      306-34  Log Partition Rolled Off
      306-50  File Deleted
      306-52  VA Data Engine status alert
      306-50010  McAfee EDB database server state change alert
      306-50017  User Device Login
      306-50023  SNMP collector state change alert
      306-50027  Health monitor internal alert
      306-50034  OPSEC retriever state change alert
      306-50043  VA Data Engine status alert:
      306-50047  The logging of data to the ELM is significantly behind.
      306-50054  A RAID error has occurred
      306-50077  Error in SSH communication
      306-50079  User Device Failed Login
      306-50080  A physical network interface connection has been made or removed
      306-50085  System integrity check failure
      306-51  Get VA Data Success
      329-10  ACE Status Change Alarm