Does anyone have an idea in which report I might be able to track down a Cisco ASA SID of ASA-5-502103 which is a privilege change? I've been hunting high and low but can't seem to find it.
Thanks.
I checked on our end, and ASA-5-502103 is a UserModifyPrivileges alert.
If you just want to find it, the fastest way to do this is in nDepth (Explore > nDepth in the Console). Do a search for one of the following:
In Reports, these UserModifyPrivileges alerts appear in:
After running the report, you can use the Select Expert to filter it only to Cisco devices or this SID (use genericalert.detectionip to filter by device, use genericalert.toolalias to filter by type, use genericalert.providersid to filter by SID).
There isn't, but we'll get something up one way or another (a blog or doc or KB). In the meantime, if this comes up again feel free to ask on Thwack and I'll dig up the answer.
The reports are generally structured around "groups" of alert types, if you look at the tree version of the alert view. For example, the Authentication Report is going to have most of the "Auth Audit" and below alerts related to logging in, out, failing, etc. The Resource Configuration report is going to have things around user, group, policy, and configuration changes, which are sort of the misfits of the other reports. The "Security" reports are going to be the Security part of the taxonomy - and generally follow below that.
I'll post back when the doc (or whatever) is up.