CISCO IDS XML messages
I have a doubt regarding the manage message option in RSA Envision. We hav e recently added a new signature to our CISO IDS XML. So the logs related to that is coming in RSA Envision, which i can see in Event viewer, But When i create a report that particular signature alert is not coming in Report. Then i found that the message ID related to that alert is not there in Manage Message Option.
Regarding this my Question is when even a new signature added do i need to manually add the message ID in manage message under CISCO IDS XML.. ?
I am using Envision 4.1
Thanks in ADVANCE.
You need to install VAM each time is released by RSA. If after install the latest ESU/VAM, the message that you're looking for does not appear, then you can use ESI to modify your existing Cisco IDS Messages in order to recognize the message that you need.
Remember to backup your existing Cisco IDS Messages file before modify it.