SDEE Collection: Step 4. Verify That SDEE Collection Is Working

Document created by RSA Information Design and Development on May 9, 2016. Last modified by RSA Information Design and Development on May 4, 2017.
Version 6

This topic tells you what to check in Security Analytics to verify that you have configured SDEE collection correctly. If SDEE collection is not configured correctly, it will not work.

Procedure

The following figure illustrates how you can verify that SDEE collection is working from the Administration > Health & Wellness > Event Source Monitoring tab.

SDEE_ESVerify.png

1. Access the Event Source Monitoring tab from the Administration > Health & Wellness view.
2. Find an SDEE event source type (for example, ciscoids) in the Event Source Type column.
3. Look for activity in the Count column to verify that SDEE collection is accepting events.

The following figure illustrates how you can verify that SDEE collection is working from the Investigation > Events view.

VerfiyNtflwInvest1.png

1. Access the Investigation > Events view.
2. Select the Log Decoder (for example, LD1) collecting SDEE events in the Investigate a Device dialog.

SDEEESVerify2.png

3. Look for an SDEE event source parser (for example, ciscoidsxml) in the Device Type column to verify that SDEE collection is accepting events.
