Hi,
We have Cisco IPS, for which we use Cisco Security Suite and the Splunk add-on for Cisco IPS to get the events using SDEE. We are getting the intrusion and vulnerability events. Is there a way we can get the configuration changes in IPS? We would like to get all the user/account changes and other configuration changes in IPS.
Regards
Sajin
Does it log the raw events? If so, they can be described in eventtypes.conf and tagged in tags.conf.
Cannot find any events. Would like to know if getting these events is possible.