Security Controls Evaluation Guide


Event Selection and Filtering

The Application Control Configuration Events feature lets you define which events you want to capture and includes a filter for specifying which file types are included.

Event Selection

To enable Event Selection, you must first turn on event capturing by selecting either central or local capture in the Events node. See Introducing AC Events for further details.

Select which events you want to capture.

You'll notice that some events are selected and some are not. For example, events 9001, 9007, and 9015 are disabled by default because they can generate excessive event data on busy endpoints. We recommend using these events only for troubleshooting, and only for short periods of time.

Event Filtering

The Enable event filtering option is enabled by default and configured to include the recommended file filters. It allows you to filter the file types that you want to audit. This is particularly useful if you choose a high-volume event.

Select or clear the file types as required for each listed event.

You can add new file types to the list by right-clicking and selecting Add.

Your next step

Events Retrieval

Why use Events?

