Data Center Security Web Attack Detection Options

book

Article ID: 169688

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

When using the built in DCS Windows Detection (IDS) policy, you want to monitor muliptle web access log files under Web Attack Detection Global Settings but see that there is only the option for one path. 

Environment

All versions of DCS IDS policies

Resolution

By design, DCS detection policy will only allow monitoring of one log file.  

The current workaround to see events from a different log than you specify in the built in policy, is to create a separate text log rule and add the web attack detection rules manually. A separate rule would need to be created for each of the logs you wish to monitor.