Resolution
goal
goal
How do I configure Detect rules to send VigilEnt alerts to a Core Services/VigilEnt Security Server computer?
fact
VigilEnt Security Manager 3.x
fact
VigilEnt Security Manager 4.x
fact
VigilEnt Security Agent for Windows 3.x
fact
VigilEnt Security Agent for Windows 4.0
symptom
Detect alerts are not showing up in VigilEnt Security Manager.
cause
The alert rule is not configured correctly. Alerts can only be sent to the machine hosting Core Services/VigilEnt Security Server.
fix
note
Additional information is available in the topic Windows/NT Detect alerts are not being received in VigilEnt Security Manager or e-mail.
Why are alerts not showing up in VigilEnt Security Manager?
goal
How do I configure Detect rules to send VigilEnt alerts to a Core Services/VigilEnt Security Server computer?
fact
VigilEnt Security Manager 3.x
fact
VigilEnt Security Manager 4.x
fact
VigilEnt Security Agent for Windows 3.x
fact
VigilEnt Security Agent for Windows 4.0
symptom
Detect alerts are not showing up in VigilEnt Security Manager.
cause
The alert rule is not configured correctly. Alerts can only be sent to the machine hosting Core Services/VigilEnt Security Server.
fix
For VigilEnt Security Manager (VSM) to receive alerts from the Detect service, you must configure the Detect rules to send alerts to the computer hosting Core Services (VigilEnt Security Server in VSM 4.0). If a computer is only running the VSM console component and not Core Services (VSS), the computer cannot receive alerts.
To configure Detect rules to send VigilEnt alerts to a Core Services (VSS) computer:
- From computer with a complete VigilEnt Security Agent for Windows installation, click Start > Programs> VigilEnt Security Agent > Configure VSANT Detect.
- From the Config File menu, open the desired rule file. By default, the
detect.xmlrule file located in directoryWINDetect\rulesopens. - In the left panel, select the rule you want to send the VigilEnt alert.
- In the lower-right pane, labeled Actions of rule <rulename>, click the Modify button. The Actions dialog window opens.
- To add a new VigilEnt alert action, proceed to step 6. To modify an existing VigilEnt alert action, skip to step 7.
- To add a new VigilEnt alert action, click the VigilEnt tab in the Destinations section. Enter the Core Services (VSS) host name in the Host Name field. Click the Add/Save button to add the alert to the Action list.
- To modify an existing alert, select it in the Action list. Ensure the Edit action radio button is selected. Enter the Core Services (VSS) host name in the Host Name field. Click the Add/Save button to add the alert to the Action list.
- Click OK to close the Actions window.
Important! From the Config File menu, click Save. If you omit this step, your changes will be lost when you exit.
- From the Config File menu, click Exit> Yes.
note
Additional information is available in the topic Windows/NT Detect alerts are not being received in VigilEnt Security Manager or e-mail.
Additional Information
Formerly known as NETIQKB30044