I have a need to add a custom device format into enVision. For now I will say it's a NAC device (Network Access Control) which scans clients and takes action on switches to affect connectivity and traffic. Its logs show events like "checking client against policy Test, Rule good-user" and "Running command cmd.exe"; none of these seems to clearly line up with IPS fields.
Are there any other NAC devices already in enVision? My issue is selecting the correct table for parsing the XML. I'm leaning towards using the IPS table, but it's certainly cramming a round peg into a square hole.
I have a lot to learn about enVision, including which fields are for what. With a device that "scans clients" like this, I'm struggling with haddress, shost, faddr and figuring out what is needed.
Do folks usually find themselves with this peg/hole issue dealing with the 1 table you have to choose?
We'll likely end up using PS to get this going since I'll likely just misdesign us into a hole.