
Event Name shows "directive_alert: Unknown event"

tskeng

Hi,

Event Name shows "directive_alert: Unknown event" when looking at Security Events (SIEM) - OSSIM 5.4.0.

In grouped event view, there are separate entries to indicate that each of them is unique, but they still show "directive_alert: Unknown event".



Any idea why?


Answers

  • Hi tskeng,

    Same here as well. After I look into the event, the real event shows up and then the table gets updated.
    But only for this event I have to go through every event.

    I have version 5.4.1

  • Me too; however, on a restart it defaults back to unknown event again.
  • I have the same issue. A directive that used to work in 5.2 now comes up with this 'Unknown Event' as well.

    The directive fires an Alarm into the database correctly with the correct name etc. but in the SIEM events it shows up with this 'Unknown event' guff.

    It seems there is no longer a Data Source #1505 in the database to match correlation directives to the directive event ID (in my case 500005). So I am thinking that the SIEM is dumping it as an 'Unknown event'.

    Where has Data Source #1505 gone AV? It was there in 5.2.4 - I checked!