Hi im getting the following NIC_Alerter alert. Can someone please explain this to me? To me it looks as tho its looking for a watchlist that it cant find? What is the watchlist for? and shouldnt it be a default watchlist if the system needs it?
%NIC-4-608030: Alerter Alerter - - - - Detail: 6348: 13295 view=FailedServiceAccounts watchlist=Service User Names not found.
I'm assuming that you are implementing one of the new correlation rules which rely on watchlists. At the moment, you have to manually create/import the watchlist. There are sample watchlists are posted on the Secure Care Online (SCOL) website. However you will likely need to customize the list for your environment.
The storage mechanism for a watchlist is different from the device content. We are currently looking at ways to deliver a watchlist via the Event Source Update (ESU).