PortalShield 2.0 SP1 not reporting enough info to ePO 4.0
We have recently added PortalShield to report events to our ePO, and the events get generated appropriately. The problem we are having is that when an incident is reported, there is not very much information in the actual event. I get the following:
Threat Source Process Name
Threat Target User Name (which is always NT Authority\System)
Threat Target File Path (provides executable but not full path)
These are all fine, except it doesn't provide the name of the actual authenticated user, source IP address, source hostname, or full path name. We are able to find this information in the SharePoint logs in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs folder. Just wondering if there was a way to get this information put into the alert that is generated, to avoid having to check multiple log files. This information does not show up under PortalShield on SharePoint either. Has anyone else come across this issue?