We are using watchlists to trigger alarms/cases in ESM. Regardless of the type of watchlist (static/dynamic), do you know if (and where) any information is logged about what was changed?
I need to track/audit additions/removals of entries to watchlists.
They are not logged as of 9.4.2. Only system-health-related data is logged; unfortunately, watchlists are not part of what is logged.
To see what events are logged for auditing purposes, you can go into the policy editor, and under ESM, it will list all SIEM-specific related events.
Thanks for confirming that, Ryan.
Raised PER for this.
Hello, if you get any feedback on the PER, please share.
Thanks