RSA Admin

Realsecure IDS messages

Discussion created by RSA Admin Employee on Aug 5, 2008
Latest reply on Sep 8, 2008 by RSA Admin

Hey everyone! This is my first posting in the forum. I am fairly new to enVision and have a lot to learn. The issue I am having difficulty with involves how I set up my views for ISS Realsecure IDS events. I set them up by alert level. There are 5 alert levels that have IDS events. Therefore, I set up 5 views, one for each alert level. We recently went to a new hardware platform and an RSA tech came out and set everything up. But some of the views couldn't be exported from the old system to the new system. Therefore, I am trying to put all my filters back into the views for ISS Realsecure IDS events. Most views contain several thousand messages each. Due to the large number of messages, it takes me forever to apply a filter within the view. Has anyone had any experience setting up views for ISS Realsecure? Should I import all the messages from ISS to each view and filter them as I am doing? Is there a more efficient way to do this? I am really having trouble understanding what the messages even mean. Any help is greatly appreciated. Thanks!