Get Sourcefire Security Intelligence events with eStreamer
I'm trying to get the Security Intelligence events from a Defense Center 18.104.22.168 using the last version of the eStreamer SmartConnector but I can't find them in the CEF events generated by the connector.
I have all the types of events checked in the DC and in the connector configuration. I can see the connection events, but not the security intelligence ones.
I don't know if this type of events could be retrieved from the eStreamer or not. Can anybody give me some info about that?
I know I can get the events using syslog but it would be great to have all the events in the same connector.
Re: Get Sourcefire Security Intelligence events with eStreamer
Hello, Running a prrof of concept with the sourcefire eStreamer and seem to be running into an issue with getting events. In the document it states:
Use KeyMan or other third party software to open the <ip>.pkcs12 file and highlight and open each certificate (there are two certificates). For the key, also set the flag "trust as an addressbook certificate." Save the file to the same file name.
So I have d/l and got keyamn to work.The issue is saving the cert. I can change the password of the cert but not the flag to "trust as an addressbook certificate." . Has any one else come across this issue?