Security Controls Evaluation Guide


Introducing AC Events

Overview

The Application Control Configuration Events feature allows you to define rules for the capture of auditing information and to raise events. You can specify which events are captured and specify file filters.

You can schedule daily maintenance of the AC Events to prevent the database log from becoming overloaded.

For more details, see Event Options.

Watch a related video (10:12)

Events Workflow

1. Enable event capturing - Application Control Configuration Editor > Configuration Settings > Events > Select Capture Centrally On.

2. Select the events you want to capture - Application Control Configuration Editor > Configuration Settings > Events > Selection.

3. Select the file types to capture event data for - Application Control Configuration Editor > Configuration Settings > Events > Filtering.

4. Data is gathered.

5. Retrieve event data - Application Control Configuration Editor > View Events or Security Controls console > View menu > Application Control Events.

Event data is gathered when the machines check in at the intervals specified in the Agent Policy General Settings. To retrieve the data before that check-in has happened, go to View > Machines, highlight the machines, right-click and select Application Control > Retrieve Events. This runs the job immediately.

6. Set query criteria.

7. Run query.

8. Filter results.

9. Export data.

Your next step

Event Selection and Filtering

Events Retrieval

Why use Events?

