Predefined Templates, Device Control

Ivanti provides a set of predefined templates used by the Log Explorer, based on commonly used audit queries.

You can use the following predefined templates:

Template Name

Shows

Prerequisite

Audit by Administrator 'adm'

All actions performed by a specific administrator.

You must change the adm user to an actual administrator in the Template Settings dialog. The result is classified by user.

Audit for PC xyz

Audit trace for a specific computer.

You must change the xyz computer to an actual computer name in the Template Settings dialog.

Audit for user 'abcd'

Audit trace for a specific user.

You must change the abcd user to an actual computer name in the Template Settings dialog.

Audit today

Daily audit trace.

No action is required.

CD-DVD in use this month

Monthly DVD/CD usage.

You must enable the Device Log option.

Copy limit met this week

Weekly copy limit rules that have been met or exceeded.

You must define a Copy Limit rule.

Denied device acc. this week

Weekly list of device access denials.

You must enable the Device Log option.

Devices connected this month

Monthly list of device connections.

You must enable the Device Log option.

Devices denied/user this month

Monthly list of denied device access classified by user.

You must enable the Device Log option.

Devices often used this month

Monthly list of devices used most often.

You must enable the Device Log option.

Everything today

Everything that happened today.

No action is required.

Files DVD/CD->PC/user this month

Monthly list of all files transferred from DVD/CDs to PCs classified by user.

You must define a Shadow rule.

Files Floppy->PC/user this month

Monthly list of all files transferred from floppy disks to PCs classified by user.

You must define a Shadow rule.

Hardening violations this month

All client hardening violations detected this month.

You must first configure the Client Hardening option.

Keylogger this week

All key logging violations and intrusions detected this week.

You must first configure the USB Key Logger option.

Medium Encrypted by User

All media encrypted by users.

You must define permissions for removable devices.

Medium Encrypted this month

Monthly list of all media encrypted by users.

You must define permissions for removable devices.

PC->DVD/user this month

Write granted by DVD/CD device, PC, and user for the month.

You must enable the Device Log option.

PC->Floppy/user this month

Write granted by floppy disk device, PC, and user for the month.

You must enable the Device Log option.

PC->Remove/user this month

Read granted by removable storage device, PC, and user for the month.

You must enable the Device Log option.

Remove->PC/user this month

All read operations from removable storage devices for the month, classified by user.

You must define a Shadow rule.

Shadow by file type for this month

A shadow copy of the file name or the entire file. for all files copied for the month. classified by file type.

You must define a Shadow rule.

Shadow by user per month

A shadow copy of the file name or the entire file. for all files copied for the month. classified by user.

You must define a Shadow rule.

Shadow exp by size dsc this month

A shadow copy of the file name or the entire file, for all files copied to an external device for the month, classified by size.

You must define a Shadow rule.

Shadow files >10 MB this month

A shadow copy of the file name or the entire file. for all files copied to an external device larger than 10 MB. for the month.

You must define a Shadow rule.

Shadow imp by size dsc this month

A shadow copy of the file name or the entire file. for all files copied from an external device for the month. classified by size.

You must define a Shadow rule.

Shadow mp3. mp4 by user

A shadow copy of the file name or the entire file. for all music and video files copied for the day. classified by user.

You must define a Shadow rule.

Shadowing today

A shadow copy of the file name or the entire file, for all files copied for the day.

You must define a Shadow rule.

Users denied device this week

All device permissions denied by user for the week.

You must enable the Device Log option.

Related Tasks: