Resolution
goal
How do I save forensic analysis queries?
goal
How do I copy forensic analysis queries to another Analysis Console (Security Manager Control Center for 5.6)?
fact
Security Manager 5.X
fix
note
How do I save forensic analysis queries?
goal
How do I copy forensic analysis queries to another Analysis Console (Security Manager Control Center for 5.6)?
fact
Security Manager 5.X
fix
Log Manager saves Forensic Analysis queries on the Analysis Console computer on which the queries were created. You can share saved Forensic Analysis queries by copying them to another Analysis Console computer. Log Manager saves Forensic Analysis queries as XML files in the installation folder, by defaultin the following directories:
- Security Manager 5.0:
Program Files\MCS OnePoint\OnePoint\VSOC\config\ForensicQueries. - Security Manager 5.1, 5.5, and 5.6:
Program Files\NetIQ Security Manager\OnePoint\VSOC\config\ForensicQueries.
Copy these XML files to the same folder on another user interface computer to use the queries in that Analysis Console (Security Manager Control Center for 5.6).
note
Uninstalling the user interfaces removes the forensic queries.
Additional Information
Formerly known as NETIQKB39914