Detect alerts show up as unregistered in Vigilent Security Operations Center. (NETIQKB31969)

  • 7731969
  • 02-Feb-2007
  • 17-Sep-2007

Resolution

fact
Vigilent Security Operations Center (VSOC)

fact
Vigilent Security Manager 4.0

fact
Vigilent Security Agent for Unix 2.x

fact
Vigilent Security Agent for Unix 3.x

fact
Vigilent Security Agent for Unix 4.x

fact
Vigilent Security Agent for Unix 5.0

fact
Vigilent Security Agent for Windows 3.x

symptom
Detect alerts show up as unregistered in Vigilent Security Operations Center.

symptom
Alerts appear in Vigilent Security Manager as ServerName[unregistered]

cause

When several endpoints are being monitored by one agent and one of those endpoints are deleted in VSOC, the alert will show up as a server name followed by "unregistered".   The word unregistered is appended to the name because the serverid in the alerts table is now null. 



fix

This issue is resolved in Vigilent Security Manager version 4.1.  The workaround for version 4.0 is as follows: 

  1. Open the 'Vigilent Security Manager Console' and right-click the Endpoint
  2. Select Properties and click IP Lookup.  This will update/refresh the IP address and alerts will now show up correctly.


Additional Information

Formerly known as NETIQKB31969