Resolution
fact
Vigilent Security Operations Center (VSOC)
fact
Vigilent Security Manager 4.0
fact
Vigilent Security Agent for Unix 2.x
fact
Vigilent Security Agent for Unix 3.x
fact
Vigilent Security Agent for Unix 4.x
fact
Vigilent Security Agent for Unix 5.0
fact
Vigilent Security Agent for Windows 3.x
symptom
Detect alerts show up as unregistered in Vigilent Security Operations Center.
symptom
Alerts appear in Vigilent Security Manager as ServerName[unregistered]
cause
When several endpoints are monitored by one agent and one of those endpoints is deleted in VSOC, the alert will show up as the server name followed by "unregistered". The word "unregistered" is appended to the name because the serverid in the alerts table is now null.
fix
This issue is resolved in Vigilent Security Manager version 4.1. The workaround for version 4.0 is as follows:
- Open the 'Vigilent Security Manager Console' and right-click the Endpoint.
- Select Properties and click IP Lookup. This will update/refresh the IP address and alerts will now show up correctly.
Additional Information
Formerly known as NETIQKB31969