CS-MARS: connecting custom to existing groups-events events
Hello
I created a custom event in the framework to work with custom parsers (which works very well in most of the cases).
I want to add this event customized to an existing group of events. This would be important because every time the custom event produced the existing rules (were the event group is used) would be returned and would create an incident.
If the custom event will not be added to the existing event groups, I'll never get an incident because no rule will match (no existing
rule uses my new event).
is it possible to add my event customized to an existing group?
Thanks so much I have an idea to solve my request.
Kind regards
Bernhard
Sorry, you cannot change the event groups. This is why it is so important when creating analyzers to use existing events when possible. If there is an existing event that even approaches which means the same thing, you might be better to use it. Otherwise, you must create a custom control rule to process the custom event.
Tags: Cisco Security
Similar Questions
-
Hello!
I am working on a Dell Inspiron 1300 laptop for a friend. She has Windows HP Home Edition, SP3 installed.
He said that Saturday night he started to act funny and wouldn't connect to the Internet. There were a few popups then begins, and he did not know if they were connected to not go on the Internet.
He had the rootkit.zeroaccess infection. I used Combofix to remove it. It won't always get on the Internet, either via a wi - fi or ethernet connection.
Looking at the event viewer, I see event ID 7003, "the TCP/IP protocol driver service depends on the non-existent service below: IPSec."
Then, event 7001, "(NLA) network location awareness service depends on the service protocol driver TCP/IP which could not start due to the following error: the dependency service does not exist or has been marked for deletion.".I copied ipsec.sys from another XP Home machine which worked and stuck in the Windows\System32\drivers directory and it still does not work.
Any ideas are greatly appreciated!
Dave
Hello
See this link:
http://TechNet.Microsoft.com/en-us/library/cc958861.aspx
Let us know the results.
-
Adding table to an existing group
I am trying to remote installation wizard allows you to add a PS6210x to an existing PS6000 with a PS6210xs group. I have successfully added tables the same group with RSW in the past, but I get an error this time on a bad group password. I logged in with this password manager, so I know that it is correct.
The new table has firmware 8.1 and tables in the existing group always run 7.1.x. Is it possible that in fact is the problem and I just need to update the old firmware to table first?
Thank you.
1. you use the user 'grpadmin' to connect to the GroupMgr, but this password may be another. Especially over a long period a customer may change the password for grpadmin but forget to change the GroupPW.
Within GrpMgmr klick on group-> Member-> Set Password to set a new GroupPW. You don't need to know the old man!
2. Yes, at the end of the day all members must be at the same level of FW, but this should not be your problem right now.
We upgade existing members first of all for the course prior to FW, adding new members. We are also new members in a 'maintenance' pool to be sure that no data migration starts automatically.
Kind regards
Joerg -
Hello
We would like to migrate a R50 PS6100 1 GB for an R6 PS6210 10 GB volumes both have currently existing volumes. Is it possible for two existing groups to join, migrate PS6100 to PS6210 volumes and continue to use the volume PS6100 group.
Robert
Hello
I'm sorry but there is no option 'group fusion. Mixing 10GbE and members GbE in the same group is very hard to do safely. According to the amount of free space you have on the table of 10GbE you can replicate from one to the other. (Assuming that the levels compatible firmware), can promote the replica and connect.
Otherwise, you would have to migrate data at the level of the host.
Kind regards
Don
-
Add PS6110 with the existing data to the existing group
Hello world
Is it possible to add a PS6110 with the existing volumes and connections to an existing uninterrupted group iSCSI?
Thank you!
Sven
Hello Sven,
No sorry. There is no possibility of group "fusion". In addition, discovery addresses are different for servers must be updated.
If you have enough space, you can migrate the data to a group. I.e. through Storage vMotion from VMware, then reset the released members and add it to the group.
Any solution you are looking for will be based on the host.
Kind regards
-
Service Division of Hyperion - assign the existing group to the new group
Hi all
In my planning application, I tried to create the new group "G3" through the sharing service and assigned existing groups ("G1", "G2") to the new group "G3". So that all existing group access will be transferred to the new group.
But when I logged with the user of the G3, I found has insufficient access forms data giving the message.
"You try to open the data form, but can not because all the required dimensions are not present." Possible causes may be that you do have at least one member of a required dimension, or the selection of members resulted in no Member present. Contact your administrator. "
I can able to connect and see the dataform with user group G1 and G2.
What that should I need to change in the settings to avoid this problem?
Thanks in advanceWhen you add a G1, G2 to G3 provisioning of g1 and g2 doesn't apply to the g3. Instead, it's the other way around. G1 and G2 will have some G3 has commissioned.
-
How to add contacts to your existing groups or how to manage your groups?
Anyone know how to add contacts to your existing groups or how you manage your existing groups. How do you even add new groups I can't find a way to do this in the ocntacts.
Hello
1. what version of Windows is installed on the computer?
2 are. what groups you referring?
3. What mail client do you use?
If you use Hotmail, you can post your request in the Windows Live Forum.
http://answers.Microsoft.com/en-us/windowslive/Forum/Hotmail
You can check the link:
http://Windows.Microsoft.com/en-us/Windows-Live/Mail-import-backup-restore
Please get back to us with the above information so that we can help you accordingly.
-
Add the new PS4100 to an existing group
Hello
anyone would be able to explain the process of adding a new table to an existing group, please?
We have a new PS4100 which was delivered with the 7.0.15 Firmware but the Group has a range of PS4000 on Firmware 8.0.5.
How can I upgrade the firmware on the new PS4100 before running the Setup utility?
Thank you very much
Tom
Let the new Member to join an EMPTY pool as the "default" (its still a void in our environments) or create an and name the program installation or maintenance.
If the table has joined this pool complete the configuration as Ports IP/network, RAID level and so on. I prefer a complete reconstruction and not a fast initialization, but it's your choice. Updated the FW and also check the FW drive.
Try to ping the new IP addresses of existing hosts and if everything is OK, move member in your production area.
Kind regards
Joerg
-
Creation of an existing group PS4000 and PS6010 - just checked.
Hello
We have two existing EQL units that have never actually placed in a group. Successfully completed their thing during the last five years or so, but now it's time for an upgrade. I have a couple PS6510Es ready to get into the data center. The first will be for production, the second will be for replication and snapshots only (subsequently headed off site).
I have a simple plan for all migrated to the EQLs old data to the new: I'll join the existing EQLs (PS4000 and PS6010 V7.0.9 running) in a group, and then join the new EQLs once they have been built. Since it seems too easy, I am concerned about the process of construction group. I just can't locate a case or writing where someone fired two production EQLs in a brand-new group (where they are the only members).
I probably missing something, so if there are traps or witch hunt that miss me.
Thanks in advance,
Mark
Hi Mark,
If the two existing unts are in individual groups, impossible to merge them and keep the data. It is also a mixture of GbE and 10GbE? This makes it a little trickier. You can add a new unit of unconfigurated to an existing group, assuming that the firmware of the systems are compatible.
So for at least one of the former members, you will need to either replicate data on the 6510 or based on host to best use, for example Storage vMotion for ESXi, or robocopy, for Windows, for Linux rsync richcopy, etc...
Kind regards
-
I used a BBM group for a few years and when I would create an event BBM, it would synchronize and update my calendar on my phone. I created an event today and it is not updated of my calendar. I also noticed that the BBM groups have been changed since the last time I used them about 2 months ago. What is the cause of the problems?
Edit my post above, the most extreme step would be a clean OS reload. If it were me, I would be tempted to join directly the and pass the reset to factory or security.
If you want to look for a solution, and for possible ideas, you could examine the wire to the
I think of him because it's an odd example of BBM more behavior calendar. It is not exactly the same problem as yours, but it shares the strangeness.
-
When I'm connected to my home group, so I could share a printer. Everything was wonderful, but I get a flashing message indicating 'bidirectional support is disabled. It is in the printer properties, or perhaps something that should be changed also? I checked everywhere I know to turn it on, but I'm starting to think that I am interested in this problem the wrong way. Can anyone help? Oh, the printer is a Kodiak 9200 and connected via usb.
Thank you
RavenThe following can help (note also the Note at the bottom that says you need to do from computer connected via USB): http://support.en.kodak.com/app/answers/detail/a_id/1294/selected/true
-
I reinstalled Dreamweaver and realized that I had lost the connection to my existing Web site. Would appreciate any help on how to find the necessary information to reconnect.
You need to get your hosting provider. There is no other way unless you saved the definition of Site somewhere on your computer.
-
I'm about to install the free trial version of Photoshop and LR CC. I have LR5 on my PC. LR CC will automatically connect to my existing catalog? Will it be prevent me to return to my LR 5 if I decide not to buy LR CC?
LR CC will import your existing catalog. Of course once you start working in CC, some data may no longer be compatible as for example the new develop settings or specific metadata. This is why it is always advisable to backup everything, so you can go back.
Mylenium
-
How to modify a Virtual Machine DRS existing group?
Hello
I use DRS-rules to place virtual machines to a host selected in a Cluster group.
The poblem is that I did not find methods to change (add new virtual machines) to an existing group of DRS 'Virtual Machine '.
As far as I know, the configuration is stored in $ClusterView.ConfigurationEx.Group
Any ideas?
Thank you!
Hi Willibald,
I did some research in the VMware vSphere SDK and made two functions Get-DrsGroup and VmToDrsGroup Add to add one or more virtual machines to a ClusterVmGroup. Some examples of how to use these function exists in the code. If you have added these features to your PowerCLI session, you can use Get-Help to get information about these functions. And also for the examples. For example Get-Help add-VmToDrsGroup-full.
Function Get-DrsGroup { <# .SYNOPSIS Retrieves DRS groups from a cluster. .DESCRIPTION Retrieves DRS groups from a cluster. .PARAMETER Cluster Specify the cluster for which you want to retrieve the DRS groups .PARAMETER Name Specify the name of the DRS group you want to retrieve. .EXAMPLE Get-DrsGroup -Cluster $Cluster -Name "VMs DRS Group" Retrieves the DRS group "Vms DRS Group" from cluster $Cluster. .EXAMPLE Get-Cluster | Get-DrsGroup Retrieves all the DRS groups for all clusters. .INPUTS ClusterImpl .OUTPUTS ClusterVmGroup ClusterHostGroup .COMPONENT VMware vSphere PowerCLI #> param([parameter(Mandatory=$true, ValueFromPipeline=$true)]$Cluster, [string] $Name="*") process { $Cluster = Get-Cluster -Name $Cluster if($Cluster) { $Cluster.ExtensionData.ConfigurationEx.Group | ` Where-Object {$_.Name -like $Name} } } } Function Add-VMToDrsGroup { <# .SYNOPSIS Adds a virtual machine to a cluster VM DRS group. .DESCRIPTION Adds a virtual machine to a cluster VM DRS group. .PARAMETER Cluster Specify the cluster for which you want to retrieve the DRS groups .PARAMETER DrsGroup Specify the DRS group you want to retrieve. .PARAMETER VM Specify the virtual machine you want to add to the DRS Group. .EXAMPLE Add-VMToDrsGroup -Cluster $Cluster -DrsGroup "VM DRS Group" -VM $VM Adds virtual machine $VM to the DRS group "VM DRS Group" of cluster $Cluster. .EXAMPLE Get-Cluster MyCluster | Get-VM "A*" | Add-VMToDrsGroup -Cluster MyCluster -DrsGroup $DrsGroup Adds all virtual machines with a name starting with "A" in cluster MyCluster to the DRS group $DrsGroup of cluster MyCluster. .INPUTS VirtualMachineImpl .OUTPUTS Task .COMPONENT VMware vSphere PowerCLI #> param([parameter(Mandatory=$true)] $Cluster, [parameter(Mandatory=$true)] $DrsGroup, [parameter(Mandatory=$true, ValueFromPipeline=$true)] $VM) begin { $Cluster = Get-Cluster -Name $Cluster } process { if ($Cluster) { if ($DrsGroup.GetType().Name -eq "string") { $DrsGroupName = $DrsGroup $DrsGroup = Get-DrsGroup -Cluster $Cluster -Name $DrsGroup } if (-not $DrsGroup) { Write-Error "The DrsGroup $DrsGroupName was not found on cluster $($Cluster.name)." } else { if ($DrsGroup.GetType().Name -ne "ClusterVmGroup") { Write-Error "The DrsGroup $DrsGroupName on cluster $($Cluster.Name) doesn't have the required type ClusterVmGroup." } else { $VM = $Cluster | Get-VM -Name $VM If ($VM) { $spec = New-Object VMware.Vim.ClusterConfigSpecEx $spec.groupSpec = New-Object VMware.Vim.ClusterGroupSpec[] (1) $spec.groupSpec[0] = New-Object VMware.Vim.ClusterGroupSpec $spec.groupSpec[0].operation = "edit" $spec.groupSpec[0].info = $DrsGroup $spec.groupSpec[0].info.vm += $VM.ExtensionData.MoRef $Cluster.ExtensionData.ReconfigureComputeResource_Task($spec, $true) } } } } } }Best regards, Robert
I changed the error handling logic in the Add-VMToDrsGroup function.
Post edited by: RvdNieuwendijk
-
Difficult to view the connected customer details. The customer is able to register itself
Difficult to view the connected customer details. The customer is able to register on my site, but when he enters his user name and password I don't know how to display Welcome username message and pass the link to login to logout. AFTE same as the client connects it still shows login. Please look at the picture for more details.
Hello
On the page template / you use the login module tag "{module_whosloggedin}"?
Reference KB: http://kb.worldsecuresystems.com/134/bc_1345.html#main_Web_page_Modules
If still not able to solve it please provide the page where you experience this problem and help further.
Kind regards
-Sidney
Maybe you are looking for
-
regarding Google as my default search engine
I spent my default search to google engine. but everytime I open Firefox, I keep getting the additional window giving me instructions on how to do it again. He's crazy my OCD perfectionist. Help, please. Laughing out loud
-
Satellite A30 - ACPI driver missing
HelloI have an old A30 that I just installed Win7 on. Everything is fine apart from a missing driver - unknown device ACPI In Device manager the hardware ID is ACPI\CMP0101 Now this laptop fan lights not bad and she has a random problem to close with
-
My digital TV (Sony Bravia that has a USB port), can be connected wireless to my router?
I would like to connect my wireless digital TV to my computer via the router, but I'm not sure it can be done. My TV has HDMI and USB ports.
-
How to stop a hacker to access my info through an xbox
recently, someone had access to my xbox account through my game son xbox profile and made some microsoft points purchases in which has my account information
-
How to connect a portable Sony Bravia TV Vista
I want to connect my laptop to my tv (Sony Bravia, mod KDF - 50E3000), so that I can read documents of text on the screen or play games on the tv from my laptop. I bought a HDMI VGA cable and hung the two units through this means of communication.