Snare Registry RIM Activity

The Snare File FIM Activity logs come in either local system time or UTC time if that was selected in the agent. So any activity needs to factor in the time difference for your timezone. Some parts of the dashboard only show data for the last 4 hours as cloud logs can generate massive volume of events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.

Selecting a chart component such as the pie segment, graph item will link through to the Text Details tabular output where you can search and perform additional filtering of the selected data and time period.

The dashboard contains the following widgets.

RIM Log Activity - showing the overall rate of FIM file activity on the Snare systems for today.
RIMLog Activity by System - shows the log activity per system.
RIM Log Activity by Event Action - RIM actions can include, CHANGE, DELETE, RENAME, NEW. This will allow searching and drill down on the specific action types.
RIM Log Object Type - This will show details of the object type such as registry or key etc.
RIM Log Object Name - This will show the actual object name and path details.
RIM Log Object Owner - This will show the details of who owns the object and track details if the ownership has changed.
Text Details - shows the drill down on the actual raw event.