Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Database functionality of CSPM is a must!

Scenario:

Receive an alert for IIS Double Decode Error. Okay is it a false positive or real event?

The ONLY way for me to tell in the present CSPM system is to look at the Context Buffers associated with this alert. Those buffers will tell me what the offending URL looks like.

But guess what, this context data is only available throught the CSPMs event viewer or after having run cvtrlog.exe on the CSPM database.

This does not help me in my alerting process, because I want that data available to me along with the alert itself.

CSPM does not allow for real time database connectivity. cvtrlog.exe can appararently extract the context buffers and make them available to your database... but I would have to run cvtrlog.exe in an almost _continuous_ fashion just so I can get access to this information.

Is Cisco going to provide real time database capability? And are they going to pump context data into that database also?

Why not allow us access to the CSPM database as is? How proprietary can it be?

To me, it's a very real problem. My currently open TAC case has not yielded any joy.

Does anyone else think this is a real problem? I know that if I get a bunch of these alerts at 2am, I'm not going to get online to my corp network just to check context buffers... I'd prefer to have that information sent to me directly.

  • Other Security Subjects
1 REPLY
New Member

Re: Database functionality of CSPM is a must!

I agree completely with this. CSPM does not provide the information that a security analyst needs to identify real threats. Database connection should be a no-brainer for Cisco...after all, they have "partners" who provide expensive software packages that interface with their system. For the money this stuff is going for we should have at least the functionality that all the freeware IDS systems have out there.

Jason Fletcher

85
Views
0
Helpful
1
Replies
This widget could not be displayed.