Log Collection SDEE: Step 2: Configure SDEE Event Sources to Send Events to Security Analytics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This topic tells you where to find the event sources currently supported for SDEE collection and the available configuration instructions for each event source.


The event sources currently supported for SDEE collection are available in the Supported Event Sources list.

The list of RSA Supported Event Sources is an alphabetized list of all the event sources currently supported by Security Analytics. It identifies which event sources you can use with SDEE Collection.

SupportedSDEEES.png

  1. In RSA Supported Event Sources, find the name of the event source.
  2. Verify that it is supported by the SDEE Collection Protocol.
  3. Click the configuration instructions icon (envisionConfigInstrIcon.PNG) to retrieve the configuration instructions for the event source.
  4. Verify that you downloaded the correct event source parser (for example, ciscoidsxml) from LIVE to the Log Decoder and enabled it.

Sample Configuration Instructions

The following illustration is taken from the Cisco Secure IDS or IPS configuration instructions.

sampleConfigInstrSDEE.PNG
