Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Log & Event Manager (LEM) > LEM All Threat Events filter conditions

LEM All Threat Events filter conditions

Table of contents

Updated June 5, 2017

Overview

This article provides the default conditions used for the All Threat Events filter under the Security section.

Environment

LEM 6.2.1 and later

Detail

Name: All Threat Events

Conditions:
(OR)1st group{

(AND)2nd group{Asset Scan Result Alerts.IsThreat == True}

(AND)3rd group{Auth Audit Alerts.IsThreat == True}

(AND)4th group{Auth Suspicious Alerts.IsThreat == True}

(AND)5th group{HostIncident.IsThreat == True}

(AND)6th group{HybridIncident.IsThreat == True}

(AND)7th group{Network Attack Alerts.IsThreat == True}

(AND)8th group{Network Audit Alerts.IsThreat == True}

(AND)9th group{NetowrkIncident.IsThreat == True}

(AND)10th group{Netowrk Suspicious Alerts.IsThreat == True}

(AND)11th group{Policy Access Alerts.IsThreat == True}

(AND)12th group{VirusAttack.IsThreat == True} }

 

See the Default LEM filters conditions on the Web Console Monitor page article for a full list of available default filters in LEM.

 

Last modified

Tags

Classifications

Public