RSA enVision^® Discussions

RSAAdmin · ‎2008-04-15

We are running our ISS Proventias in prevent mode, and I have been asked to create reports that show whether an event is being blocked or not. This information is available in the SiteProtector database, but it does not appear to be pulled into enVision. Is it there, but I just do not recognize it, or has anyone else run into this issue and found a workaround (even if just editing the XML)?

RSAAdmin · ‎2008-06-19

Jeff -

I'm wondering how you made out with this issue.

We're running ISS Realsecure server sensors and I've noticed that while we are pulling events from Siteprotector - quite a bit of what we're getting are null fields.

-Scott

RSAAdmin · ‎2008-07-01

I also have this issue with my ISS IPS device. I am using ODBC collection. Have you tried using the SNMP collection method? I haven't but in theory, one of the SNMP variables should include blocked-count:1

RSAAdmin · ‎2008-07-14

Ryan,

I've gone the SNMP route with the same results as the ODBC configuration.

-Scott Ashton

RSAAdmin · ‎2008-07-28

We had the same issue when going the SNMP route, as well. I find it odd, though, since we were definitely sending the other information that we would like to see (in addition to the block counts, I am looking for detail information for reports). I think that the problem is with the device XML, and just haven't had an opportunity to play with it yet (plus, I was hoping that RSA would fix it for us and provide an update for the newest version of SiteProtector!).

RSA enVision® Discussions

ISS RealSecure IPS

RSA enVision^® Discussions