Discovering Intrusion Prevention System Sensor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2024 03:56 AM
Upon running discovering on IPS device, we see OIDs (in ECC Queue). This OID is blocked by ServiceNow as per their KB article (We need to prevent any SNMP OID Classifications being added with a Net-SNMP module OID starting 1.3....)
OEM provided us with a different OID (not blocked) and MiB files. Despite adding them, we are still unable to discover the devices.
If a custom pattern needs to be developed, what is the initial starting point as there is difference in OID between the vendor and ServiceNow and for these devices all attributes are fetched from OID itself?
Also can we proceed using SSH credentials as SNMP classification is not working?
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2024 05:43 AM
Hi Arpan,
We also had similar issue at one of our clients . We discovered via SSH instead of SNMP.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2024 05:27 AM
Hi Rawel,
Did you create a new classifier and pattern as well? Also, debugging Linux server pattern on that IP gives a very unusual error - Error; job finished with status ERROR: SSH channel 9 activity timeout in state EXECUTING. (timeout = 120000) com.snc.ssh.SSHTimer@7b84dbe4 while in state EXECUTING
Is this because of the sudo permissions or something else, if you have an idea (answers on community are not clear).
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2024 06:03 AM - edited ‎02-14-2024 06:04 AM
Hi Arpan,
For us it got discovered under Linux server without any issues.
Thanks,
Rawel
