I could only suggest that you check the setting on the sensor to see what the minimum alarm level required is set to.
For example, sensors will record all events (severity 1 thru 5) in the local log file located in /usr/nr/var/log by default, but the setting for the outbound alarms is different. You can find out what it is set for in the following file: /usr/nr/etc/destinations
The entry for your logging console will look like this:
2 CSPM.ORG smid 2 ERRORS,COMMANDS,EVENTS
The first field (2) is the connection number and is always one-up from the one before.
The second field (CSPM.ORG) is the host and org names assigned during set-up, separated by a period.
The third field (smid) is the target process that will be listening for the alarms.
The fourth field (2) is the minimum severity required. This is the field that may be to blame for your lack of alarms, especially if it is set to 4 or 5!
The fifth field (ERRORS,COMMANDS,EVENTS) dictates which type of log entries will be sent, assuming that the minimum severity level is met.
In my experience, the predominant severity for most IDS signatures is 2 or 3. If the minimum severity is set too high for your CSPM, then you'll most likely see no alarms being delivered other than the ones associated with restarting the sensor.
I suggest that you double check the setting and adjust accordingly...
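As an added example (not part of the original post and not Cisco tooling), this shell function reads a file in the five-field layout described above and flags entries whose minimum severity is above 3 or whose connection number is not one-up from the previous entry. The threshold of 3, the status labels and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_destinations FILE [LIMIT]
# Prints one status line per entry; returns 1 if any entry is flagged.
# Field layout (conn, host.org, process, min severity, types) is from the post.
check_destinations() {
    file=$1
    limit=${2:-3}   # assumption: most signatures are severity 2-3, so flag 4 and 5
    awk -v limit="$limit" '
        NF == 0 { next }                                  # skip blank lines
        NF != 5 || $1 !~ /^[0-9]+$/ || $4 !~ /^[1-5]$/ {
            printf "MALFORMED line=%d\n", NR; bad = 1; next
        }
        {
            status = "OK"
            # 4th field: minimum severity an alarm needs to be forwarded
            if ($4 + 0 > limit + 0) status = "MINSEV_TOO_HIGH"
            # 1st field: must be one-up from the previous connection number
            if (seen && $1 + 0 != prev + 1)
                status = (status == "OK" ? "" : status ",") "BAD_SEQ"
            prev = $1 + 0; seen = 1
            if (status != "OK") bad = 1
            printf "%s conn=%s dest=%s proc=%s minsev=%s types=%s\n",
                   status, $1, $2, $3, $4, $5
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample input (hypothetical entries, not taken from a real sensor).
sample=$(mktemp)
cat > "$sample" <<'EOF'
1 SENSOR1.ORG exampled 1 ERRORS,COMMANDS,EVENTS
2 CSPM.ORG smid 4 ERRORS,COMMANDS,EVENTS
4 CSPM.ORG smid 2 ERRORS
EOF
check_destinations "$sample" || echo "Review the flagged entries above."
rm -f "$sample"
```

On a sensor, the file to check would be /usr/nr/etc/destinations, as named in the post.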
I also have the same problem. I went thru all this stuff; all is ok. I still cannot get any alarms but start-up ones.
Secondly, when I configure the sensor with CSPM, it fails to commit the configs to the sensor, so stuff like shunning, which cannot be done manually, still awaits this CSPM problem being solved. Please help ...
Did this start after a signature update? This could be because of many reasons. Go to the sensor and use the command df -k and see if you are over 75% full. Another reason for this could be that traffic has stopped flowing on the sensor's interface; use nrstatus at the netrangr command prompt to make sure that all of your services are running. Are you getting notifications 996, 997? If so, then traffic has probably stopped flowing at the sensor's interface. In that case use the nrstop/nrstart to bring services and interface back up. Let me know if any of these tips help, and elaborate on any further information.