Predefined Templates, Application Control
Ivanti provides a set of predefined templates used by the Log Explorer, based on commonly used audit queries.
You can use the following predefined templates.
|
Template Name |
Shows |
Prerequisite |
|---|---|---|
|
Applications denied today |
All applications that have been denied for the day. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. |
|
Applications locally authorized today |
All applications that have been locally authorized for the day. |
This only applies to user for which the Execution Blocking option is properly configured. You must enable the Local Authorization option for each computer you want to audit. |
|
Applications often denied this week |
The most often denied applications for the week. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. |
|
Audit by Administrator 'adm' |
All actions performed by a specific administrator. |
You must change the “adm” user to an actual administrator in the Template Settings dialog. The result is classified by user. |
|
Audit for PC xyz |
Audit trace for a specific computer. |
You must change the “xyz” computer to an actual computer in the Template Settings dialog. |
|
Audit for user 'abcd' |
Audit trace for a specific user. |
You must change the “abcd” user to an actual computer in the Template Settings dialog. |
|
Audit today |
Daily audit trace. |
No action is required. |
|
Everything today |
Everything that happened for the day. |
No action is required. |
|
Hardening violations this month |
All client hardening violations detected for the month. |
You must configure the Client Hardening option. |
|
Relaxed logon apps this week |
All relaxed logon applications done for the month. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. You must configure the Relaxed Logon option for each user that you want to audit. |
|
Users denied acc. to regedit this week |
The user tried to run Windows regedit utility and access was denied. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. |
|
Users denied app. device this week |
All applications and device denied this for the week. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. You must enable the Device Log option. |
|
Users denied apps this month |
All applications denied by user for the month. |
This only applies to user for which the Execution Blocking option is properly configured. Entries are only logged when the Execution Log option is properly configured. |