Predefined Templates
Ivanti provides a set of predefined templates used by the Log Explorer, based on commonly used audit queries.
You can use the following predefined templates:
Template Name | Shows | Prerequisite |
---|---|---|
Audit by Administrator 'adm' | All actions performed by a specific administrator. | You must change the adm user to an actual administrator in the Template Settings dialog. The result is classified by user. |
Audit for PC xyz | Audit trace for a specific computer. | You must change the xyz computer to an actual computer name in the Template Settings dialog. |
Audit for user 'abcd' | Audit trace for a specific user. | You must change the abcd user to an actual computer name in the Template Settings dialog. |
Audit today | Daily audit trace. | No action is required. |
CD-DVD in use this month | Monthly DVD/CD usage. | You must enable the Device Log option. |
Copy limit met this week | Weekly copy limit rules that have been met or exceeded. | You must define a Copy Limit rule. |
Denied device acc. this week | Weekly list of device access denials. | You must enable the Device Log option. |
Devices connected this month | Monthly list of device connections. | You must enable the Device Log option. |
Devices denied/user this month | Monthly list of denied device access classified by user. | You must enable the Device Log option. |
Devices often used this month | Monthly list of devices used most often. | You must enable the Device Log option. |
Everything today | Everything that happened today. | No action is required. |
Files DVD/CD->PC/user this month | Monthly list of all files transferred from DVD/CDs to PCs classified by user. | You must define a Shadow rule. |
Files Floppy->PC/user this month | Monthly list of all files transferred from floppy disks to PCs classified by user. | You must define a Shadow rule. |
Hardening violations this month | All client hardening violations detected this month. | You must first configure the Client Hardening option. |
Keylogger this week | All key logging violations and intrusions detected this week. | You must first configure the USB Key Logger option. |
Medium Encrypted by User | All media encrypted by users. | You must define permissions for removable devices. |
Medium Encrypted this month | Monthly list of all media encrypted by users. | You must define permissions for removable devices. |
PC->DVD/user this month | Write granted by DVD/CD device, PC, and user for the month. | You must enable the Device Log option. |
PC->Floppy/user this month | Write granted by floppy disk device, PC, and user for the month. | You must enable the Device Log option. |
PC->Remove/user this month | Read granted by removable storage device, PC, and user for the month. | You must enable the Device Log option. |
Remove->PC/user this month | All read operations from removable storage devices for the month, classified by user. | You must define a Shadow rule. |
Shadow by file type for this month | A shadow copy of the file name or the entire file. for all files copied for the month. classified by file type. | You must define a Shadow rule. |
Shadow by user per month | A shadow copy of the file name or the entire file. for all files copied for the month. classified by user. | You must define a Shadow rule. |
Shadow exp by size dsc this month | A shadow copy of the file name or the entire file, for all files copied to an external device for the month, classified by size. | You must define a Shadow rule. |
Shadow files >10 MB this month | A shadow copy of the file name or the entire file. for all files copied to an external device larger than 10 MB. for the month. | You must define a Shadow rule. |
Shadow imp by size dsc this month | A shadow copy of the file name or the entire file. for all files copied from an external device for the month. classified by size. | You must define a Shadow rule. |
Shadow mp3. mp4 by user | A shadow copy of the file name or the entire file. for all music and video files copied for the day. classified by user. | You must define a Shadow rule. |
Shadowing today | A shadow copy of the file name or the entire file, for all files copied for the day. | You must define a Shadow rule. |
Users denied device this week | All device permissions denied by user for the week. | You must enable the Device Log option. |