Sentinel 8.0.1

It's a POC.

Sentinel is getting logs from Cisco Firewall and Router. I configured
all Network Related co-rules (that come out-of-the-box) to create
alerts. But no Alert has been created yet from the events being received
on Sentinel from Firewall and Routers. In the Main webUI a lot of
events are reported from Firewall that have "Attack > Suspicious >
Unknown" XDAS but no alerts are created yet.

I also configured the other out-of-the-box Co-rules that detect
Suspicious activities from System Side (e.g. MS AD, Linux Servers, etc.)
which are creating alerts and could be seen in the Threat Response
Dashboard. I also want to have alerts created for the events from
Network equipment, please help.

Regards,


--
sharfuddin