Security Controls Evaluation Guide


Events Retrieval

Overview

The View Events option displays the Application Control Events dialog. You can query on the following predefined events or create custom queries:

All event types

Denied Executables

Allowed Executables

Self Authorization

Privilege Management

Privilege Discovery

Self Elevation

Browser Control

Criteria can be added to tailor the queries, such as time range, user, or machine.

You have the option of a Summary view, which reduces the number of events on display by grouping events that share the same file path. The Total column indicates how many instances have been grouped.

The query is a powerful tool which allows you to filter, sort and search the results in many customizable ways.

For full details on how to tailor the query results, see Event Viewer in the main Ivanti Security Controls Help.

Try it yourself

1. In the Security Controls console, select View > Application Control Events. Alternatively, you can select View Events from the Application Control Configuration Editor.

2. Select the type of events you want to run the query for. We'll pick Browser Control.

3. Set the criteria as required to cover a specified time range, or restrict to a user or machine.

4. Select Run Query. The lower half of the screen will populate with the results, which you can then further filter or search through.

5. You should see the Facebook entry in the results from our test example in URL Redirection.

6. Repeat these steps to see events for the other examples we have gone through: self-elevation, privilege management, allowed and denied executables.

Creating a Rule Item from an Event

Another useful action available from the Events view is to drag and drop, or copy and paste, events to create File, Folder or File Hash Rule Items for the following:

Rule Collections > Executable Control/Privilege Management

Rule Sets > Executable Control > Allowed/Denied

Rule Sets > Privilege Management > Applications/Self-Elevation

Try it yourself

1. Navigate to the location in the Application Control Configuration Editor where you want to create the rule item. For example, Rule Sets > Everyone > Executable Control > Allowed.

2. In the Event Viewer dialog, select the required event(s) and either copy or drag back to the Allowed dialog.

3. Drop or paste to display the Select Rule Item Type dialog.

4. Select the type of item(s) you want to create: file path, file name, folder or file hash.

5. The rule item(s) is added.

Your next step

Why use Events?

