RSA Admin

Correlation Rule for CISCO Nexus messages severity 0 1 2 has been discovered

Discussion created by RSA Admin Employee on Mar 21, 2012

Hi guys,


I'd like to set correlation rule that would be able to capture any CISCO Nexus messages on severity 0 ,1  and 2.  I've created correlation rule with content function in use. That was easy.:smileytongue:  But I don't know how to capture messages which are not being parsed.  Unfortunately most of Hardware messages are not parsed and Content function is able to search only in payload. Any idea how to solve it?