RSA Admin

How to setup an alert for an ip, when a definied CVE / VID attack happens ?

Discussion created by RSA Admin Employee on Jun 5, 2012
Latest reply on Jul 1, 2012 by RSA Admin
Hello, I would like to setup an alert: When a specific event is detected in the logs (for ex: Confirmed vulnerability to 2011-3389, VID 71103 used by the attacker, and logged by the server and sent the logs to Envision) Envision must send an email to a email address. I managed to reach the basics (manage views / add / view name / ip selection ) but when I select "Event / VID" attribute, I can't see this 71103 VID listed in the results field. What am I doing wrong ? Thank you!

Outcomes