12-24-2021 05:32 AM
12-27-2021 03:19 AM
12-28-2021 09:28 AM
12-26-2021 04:52 PM
<3>Dec 26 22:55:59 PA-VM(X.X.X.X) PaloAlto: -threatIpAddress X.X.X.Y -threatName "HTTP /etc/passwd Access Attempt(35107)" -severity high
XMC server.log:
2021-12-26 22:56:02,402 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true
2021-12-26 22:56:02,402 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true
2021-12-26 22:56:02,402 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false
2021-12-26 22:56:02,402 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Matches = false for event with message =PaloAlto: -threatIpAddress X.X.X.Y -threatName "HTTP /etc/passwd Access Attempt(35107)" -severity high
(IPs are obfuscated)
These 4 lines are repeated quite a lot.
12-25-2021 06:46 AM