Predefined Templates

Ivanti provides a set of predefined templates used by the Log Explorer, based on commonly used audit queries.

You can use the following predefined templates:

Template Name Shows Prerequisite
Audit by Administrator 'adm' All actions performed by a specific administrator. You must change the adm user to an actual administrator in the Template Settings dialog. The result is classified by user.
Audit for PC xyz Audit trace for a specific computer. You must change the xyz computer to an actual computer name in the Template Settings dialog.
Audit for user 'abcd' Audit trace for a specific user. You must change the abcd user to an actual computer name in the Template Settings dialog.
Audit today Daily audit trace. No action is required.
CD-DVD in use this month Monthly DVD/CD usage. You must enable the Device Log option.
Copy limit met this week Weekly copy limit rules that have been met or exceeded. You must define a Copy Limit rule.
Denied device acc. this week Weekly list of device access denials. You must enable the Device Log option.
Devices connected this month Monthly list of device connections. You must enable the Device Log option.
Devices denied/user this month Monthly list of denied device access classified by user. You must enable the Device Log option.
Devices often used this month Monthly list of devices used most often. You must enable the Device Log option.
Everything today Everything that happened today. No action is required.
Files DVD/CD->PC/user this month Monthly list of all files transferred from DVD/CDs to PCs classified by user. You must define a Shadow rule.
Files Floppy->PC/user this month Monthly list of all files transferred from floppy disks to PCs classified by user. You must define a Shadow rule.
Hardening violations this month All client hardening violations detected this month. You must first configure the Client Hardening option.
Keylogger this week All key logging violations and intrusions detected this week. You must first configure the USB Key Logger option.
Medium Encrypted by User All media encrypted by users. You must define permissions for removable devices.
Medium Encrypted this month Monthly list of all media encrypted by users. You must define permissions for removable devices.
PC->DVD/user this month Write granted by DVD/CD device, PC, and user for the month. You must enable the Device Log option.
PC->Floppy/user this month Write granted by floppy disk device, PC, and user for the month. You must enable the Device Log option.
PC->Remove/user this month Read granted by removable storage device, PC, and user for the month. You must enable the Device Log option.
Remove->PC/user this month All read operations from removable storage devices for the month, classified by user. You must define a Shadow rule.
Shadow by file type for this month A shadow copy of the file name or the entire file. for all files copied for the month. classified by file type. You must define a Shadow rule.
Shadow by user per month A shadow copy of the file name or the entire file. for all files copied for the month. classified by user. You must define a Shadow rule.
Shadow exp by size dsc this month A shadow copy of the file name or the entire file, for all files copied to an external device for the month, classified by size. You must define a Shadow rule.
Shadow files >10 MB this month A shadow copy of the file name or the entire file. for all files copied to an external device larger than 10 MB. for the month. You must define a Shadow rule.
Shadow imp by size dsc this month A shadow copy of the file name or the entire file. for all files copied from an external device for the month. classified by size. You must define a Shadow rule.
Shadow mp3. mp4 by user A shadow copy of the file name or the entire file. for all music and video files copied for the day. classified by user. You must define a Shadow rule.
Shadowing today A shadow copy of the file name or the entire file, for all files copied for the day. You must define a Shadow rule.
Users denied device this week All device permissions denied by user for the week. You must enable the Device Log option.

Related Tasks: