Versions Compared

Version Old Version 1 New Version 2
Changes made by

Andrew Madge

Craig Jones

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Events may be Audit Events, Log Audit Events, File Integrity Events or Registry Integrity Events.  By default, the audit events are displayed, however to review the file integrity monitoring events, select the File Integrity button. This will restrict the display of latest events to only FIM events, if enabled via menu item File Integrity Monitoring.  Similarly, you can display the events for Log Audit and Registry Integrity by selecting the Log Audit and Registry Integrity buttons respectively.

At the top of the page each destination is displayed, along with its status, and current throughput in bytes per second, and events per second (EPS).
Image Added

Note
titleNote

No events will be generated unless there is a valid destination configured to which to send them.


No events will be generated unless there is a valid destination configured to which to send them.Beneath this are buttons that allow you to view lists of entries displaying the Event Logs, Log Audit, File Integrity, and Registry Integrity output. 

An example of the latest Event Logs is shown below:

Image RemovedImage Added


An example of the latest Log Audit events is shown below:

Image RemovedImage Added

An example of the latest File Integrity events is shown below:

Image RemovedImage Added


An example of the latest Registry Integrity events is shown below:

Image Removed

Other useful information of the Latest Events Window is as follows:

...

Image Added


Please note:

  • each list is restricted to 20 entries and cannot be cleared, except by restarting the SnareCore service
  • new events will be displayed with an alarm bell icon next to it
  • events are highlighted in the criticality level colour nominated in your audit policies
  • the window will automatically refresh every 30 seconds for event logs or when the Latest Events menu item is selected
  • displays the status of the current network connection(s) to the log server
  • displays the date and time of the last HeartBeat sent, if applicable
  • for audit events, the Source column is composed of the bold part which is the Channel name eg DNS Server, followed by the Source Name eg Microsoft-Windows-DNS-Server-Service

...