I'm trying to create a scheduled report that will be sent every morning containing events that were done during off hours.
Our client's business hours is from 8am-6pm and we wanted to make a report that will show kind suspicious events done from 6:01pm-7:59AM.
I just want to ask for some help on what rules I need to include in order to make the report useful. Maybe others already made the similar report.
Thanks in advance and more power to the group!
Thank you for looking into this. I cannot seem to find that option in the layout section. Should I need to enable it first somewhere?
I have Compliance, Executive Reports, McAfee ADM, DAM, DEM, McAfee Event Reporter. All of those have subcategories and 'Outside of business hours activity is not there'.
No it didn't. The data generated was not the data our client wanted. We just created a report based from normalization that has kind of suspicious activity outside office hours like password reset, account creation, etc. And the report only includes source ip, source user, and total event count.