Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
2
Replies

Can you read a dropped event?

Go to solution
scootertgm
Level 1
Level 1

‎12-08-2008 09:56 AM

I had a mis-configured drop rule that logged to the DB.

Is it possible to go back and review the event in the DB to get the info from the attack?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hoffa2000
Level 3
Level 3

‎12-09-2008 07:33 AM

With the risk of telling you something you already know...events "logged to DB" are excluded from the incident process but processed when creating reports, so one solution in this case would be to set up a raw data report to see what exactly was logged.

/Fredrik

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hoffa2000
Level 3
Level 3

‎12-09-2008 07:33 AM

With the risk of telling you something you already know...events "logged to DB" are excluded from the incident process but processed when creating reports, so one solution in this case would be to set up a raw data report to see what exactly was logged.

/Fredrik

0 Helpful

Go to solution
scootertgm
Level 1
Level 1
In response to hoffa2000

‎12-09-2008 08:10 AM

You and I had similar ideas. I pulled the raw logs and it was able to answer my questions.

Sorry it was late in the day or I would have replied earlier.

0 Helpful
Customers Also Viewed These Support Documents