Introducing AC Events
The Application Control Configuration Events feature allows you to define rules for the capture of auditing information and to raise events. You can specify which events are captured and specify file filters.
You can schedule daily maintenance of the AC Events to prevent the database log getting overloaded.
For more details, see Event Options.
Events Workflow
- Enable Event capturing - Application Control Configuration Editor > Configuration Settings > Events > Select Capture Centrally On.
- Select the events you want to capture - Application Control Configuration Editor > Configuration Settings > Events > Selection.
- Select the file types to capture event data for - Application Control Configuration Editor > Configuration Settings > Events > Filtering.
- Data gathered.
- Retrieve event data - Application Control Configuration Editor > View Events or Security Controls console > View menu > Application Control Events.
- Set query criteria.
- Run query.
- Filter results.
- Export Data.
Event data will be gathered when the machines check in at intervals specified in the Agent Policy General Settings, if you want to retrieve the data before this check in has happened go to View > Machines > highlight the machines and right-click, select Application Control > Retrieve Events and that runs the job immediately.