5 Replies Latest reply on Nov 18, 2016 9:06 AM by eM Ka

    Triggering Alarm on McAfee ESM for specific signature


      Hi All,

      I have a requirement to trigger an alarm on WMI logon failure. I tried using the field match for triggering the alarm, where I entered the signature ID 47-000006 under the field match condition, but it didn't trigger any alarm for several such events. I went through some of the blogs to troubleshoot, and found that when triggering an alarm using the field match option, it happens on the ESM. So I think there is some issue with the ESM. Should I now use the internal field match to check whether it could trigger the alarm for all such events, as it checks for the condition when the log is at the ERC?

      Please share suggestions.

      I am using 9.6.3 MR