All Apps and Add-ons

Cisco IPS SDEE - Configuration Changes Events

kpsajin
Explorer

Hi,

We have Cisco IPS for which we use Cisco Security Suite and Splunk add for CIsco IPS to get the events using SDEE. We are getting the intrusions and vulnerabilities events. Is there a way with which we can get the configuration changes in IPS. We would like to get all the user/account changes and other configuration changes in IPS.

Regards
Sajin

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

does it log the raw events? if so, they can be described in eventtypes.conf and tagged in tags.conf.

0 Karma

kpsajin
Explorer

Cannot find any events. Would like to know if getting these events are possible.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...