Environment
NetIQ Secure Configuration Manager 6.0
NetIQ Secure Configuration Manager 6.1
NetIQ Secure Configuration Manager 6.1
Situation
Events are not forwarded to SIEM servers
When an asset is in compliance with an exception, Secure Configuration Manager does not forward the assessment reports to the Security Information and Event Management (SIEM) solution servers such as NetIQ Sentinel and Splunk. Resolution
This issue is resolved in SCM 6.1 which can be downloaded from our website:
https://www.netiq.com/Support/vsm/extended/upgrade.asp
Secure Configuration Manager now forwards the assessment reports to the SIEM servers correctly.
Cause
There was an issue with sending events to SIEM when an asset is in compliance with exception. This is a special case where total risk is greater than zero but managed risk is zero.