Log Collection SDEE: Step 4: Verify That SDEE Collection Is Working

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This topic tells you what to check in Security Analytics to verify that you have configured SDEE Collection correctly.

You need to verify that SDEE collection is configured correctly; otherwise, it will not work.

The following procedure explains how you can verify that SDEE collection is working from the Administration > Health & Wellness > Event Source Monitoring tab.

  1. In the Security Analytics menu, select Administration > Health & Wellness, and click the Event Source Monitoring tab.
  2. Find an SDEE event source type (for example, ciscoids) in the EventSource Type column.
  3. Look for activity in the Count column to verify that SDEE collection is accepting events.

The following procedure explains how you can verify that SDEE collection is working from the Investigation > Events view.

  1. In the Security Analytics menu, select Investigation > Events.
  2. Select the Log Decoder (for example, LD1) collecting SDEE events in the Investigate a Device dialog.
  3. Look for an SDEE event source parser (for example, ciscoidsxml) in the Device Type column to verify that SDEE collection is accepting events.