All Apps and Add-ons
Highlighted

Cisco IPS SDEE - Configuration Changes Events

Explorer

Hi,

We have Cisco IPS for which we use Cisco Security Suite and Splunk add for CIsco IPS to get the events using SDEE. We are getting the intrusions and vulnerabilities events. Is there a way with which we can get the configuration changes in IPS. We would like to get all the user/account changes and other configuration changes in IPS.

Regards
Sajin

0 Karma
Highlighted

Re: Cisco IPS SDEE - Configuration Changes Events

Splunk Employee
Splunk Employee

does it log the raw events? if so, they can be described in eventtypes.conf and tagged in tags.conf.

0 Karma
Highlighted

Re: Cisco IPS SDEE - Configuration Changes Events

Explorer

Cannot find any events. Would like to know if getting these events are possible.

0 Karma