snjy.in

How to view Actual Raw Logs inside Correlation Alert from Historical report or through Query

Discussion created by snjy.in on Mar 25, 2011
Latest reply on Sep 16, 2011 by RSA Admin

Hello - 

I have generated a report for the previous two weeks for correlation rule NIC004 (Intensive Configuration Change for Network Device). This rule was triggered multiple times over the previous 2 weeks. Now I need to analyze which devices these changes happened on and what the actual logs are.

 

I am able to get this information for current alerts which are still in Alert History. But those stored in IPDB do not give the actual device logs that caused this rule (NIC004) to trigger.

 
