I see a bunch of new feeds; some are for the log collector, which makes sense to have updated configs. There are others that were added on Nov 21st, 2013. They are all tagged as Other and seem a lot like alerts or correlation rules.
I am currently running 10.2 SP2. Are these rules for the new feature that overtook CEP? Otherwise they are not saying I can deploy them on my network.
Just curious, thanks!
Those are a few of them. The few that really caught my eye, because I was going to try and create them myself, were "User account created, logged in, and deleted within an hour", "audit log cleared" and "Detect Port Knocking log". Again, I am on 10.2 SP2; no, I do not have the new ESA.
Thanks! I went ahead and filtered by RSA Event Stream Analysis Alert; they all showed up, but they are still tagged for me as Other in the type column. If you need any other testing, I will be happy to help.