...

Events may be Audit Events, Log Audit Events, File Integrity Events or Registry Integrity Events. By default, the audit events are displayed. To review the file integrity monitoring events, select the File Integrity button; this restricts the display of latest events to FIM events only, if enabled via the File Integrity Monitoring menu item. Similarly, you can display the events for Log Audit and Registry Integrity by selecting the Log Audit and Registry Integrity buttons respectively.

At the top of the page, each destination is displayed along with its status and its current throughput in bytes per second and events per second (EPS).

Note

No events will be generated unless there is a valid destination configured to which to send them.

...

An example of the latest Event Logs is shown below:

An example of the latest Log Audit events is shown below:

An example of the latest File Integrity events is shown below:

An example of the latest Registry Integrity events is shown below:

Please note:

  • each list is restricted to 20 entries and cannot be cleared, except by restarting the SnareCore service
  • new events will be displayed with an alarm bell icon next to them
  • events are highlighted in the criticality level colour nominated in your audit policies
  • the window will automatically refresh every 15 seconds for event logs or when the Latest Events menu item is selected
  • displays the status of the current network connection(s) to the log server
  • displays the date and time of the last HeartBeat sent, if applicable
  • for audit events, the Source column is composed of the Channel name in bold (e.g. DNS Server), followed by the Source Name (e.g. Microsoft-Windows-DNS-Server-Service)

...