Sentinel 8.0.1

It's a POC.

Sentinel is getting logs from Cisco Firewall and Router. I configured
all Network Related co-rules (that come out-of-the-box) to create
alerts. But no Alert has been created yet from the events being received
on Sentinel from Firewall and Routers. In the Main webUI a lot of
events are reported from Firewall that have "Attack > Suspicious >
Unknown" XDAS but no alerts are created yet.

I also configured the other out-of-the-box Co-rules that detect
Suspicious activities from System Side (e.g. MS AD, Linux Servers, etc.)
which are creating alerts and could be seen in the Threat Response
Dashboard. I also want to have alerts created for the events from
Network equipment, please help.


sharfuddin's Profile: