All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cisco IPS SDEE - Configuration Changes Events

kpsajin
Explorer
‎08-13-2015 12:59 AM

Hi,

We have Cisco IPS for which we use Cisco Security Suite and Splunk add for CIsco IPS to get the events using SDEE. We are getting the intrusions and vulnerabilities events. Is there a way with which we can get the configuration changes in IPS. We would like to get all the user/account changes and other configuration changes in IPS.

Regards
Sajin

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎09-13-2015 09:30 AM

does it log the raw events? if so, they can be described in eventtypes.conf and tagged in tags.conf.

0 Karma
Reply

kpsajin
Explorer
‎09-13-2015 12:03 PM

Cannot find any events. Would like to know if getting these events are possible.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...