‎2009-09-03
06:33 AM
Compliance Reports using two tables
I have created an alert that monitors what SSHs into our Linux machines and then where they su to. I have a watch list that I created to monitor certain ids and this is working perfectly. When I try to create a report so I can see everything that has connected and had successful su...it uses different tables. I am not able to get past this point. There are two separate reports that are canned that show this but I need one that has both together so I can see the progression on what the user is doing. Any suggestions?
5 Replies
‎2009-09-03
06:55 AM
Did you try looking at the Global Table, which contains a common set of variables? You may have to check whether your table variables are available in the global table or not; accordingly, you can generate a report using the global table.
‎2009-09-03
07:08 AM
This does not have a foreign address field...I would need something that still shows the foreign address to see where and/or who is doing the connections or su.
‎2009-09-03
07:12 AM
As far as I know, the Global table has the faddr/daddr fields (foreign/destination). Are you not seeing them?
‎2009-09-03
07:15 AM
No, I do not see the faddr, but I do see the daddr.
‎2009-09-03
07:18 AM
I was mistaken; I just see the device address that the action took place on.
