All Apps and Add-ons

Cisco IPS SDEE - Configuration Changes Events

kpsajin
Explorer

Hi,

We have Cisco IPS for which we use Cisco Security Suite and Splunk add for CIsco IPS to get the events using SDEE. We are getting the intrusions and vulnerabilities events. Is there a way with which we can get the configuration changes in IPS. We would like to get all the user/account changes and other configuration changes in IPS.

Regards
Sajin

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

does it log the raw events? if so, they can be described in eventtypes.conf and tagged in tags.conf.

0 Karma

kpsajin
Explorer

Cannot find any events. Would like to know if getting these events are possible.

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...