rhermes Fri, 04/03/2009 - 08:43
User Badges:
  • Gold, 750 points or more

Check if your Symantec Security Manager supports SDEE, if it does, make it an SDEE client to the sensor's SDEE server.

If it doesn't you'll have to modify each signature (or globally via an event action override) you want an event sent and enable the request-snmp-trap action. This will cause a trap to be issued when those signatures fire. The SNMP trap will contain less information than the SDEE message.

http://www.cisco.com/en/US/docs/security/ips/6.2/configuration/guide/cli/cli_event_action_rules.html#wp1113302

Actions

This Discussion