All Apps and Add-ons

Cisco IPS SDEE - Configuration Changes Events

kpsajin
Explorer

Hi,

We have Cisco IPS for which we use Cisco Security Suite and Splunk add for CIsco IPS to get the events using SDEE. We are getting the intrusions and vulnerabilities events. Is there a way with which we can get the configuration changes in IPS. We would like to get all the user/account changes and other configuration changes in IPS.

Regards
Sajin

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

does it log the raw events? if so, they can be described in eventtypes.conf and tagged in tags.conf.

0 Karma

kpsajin
Explorer

Cannot find any events. Would like to know if getting these events are possible.

0 Karma
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...