Showing results for 
Search instead for 
Did you mean: 
Level 7

PortalShield 2.0 SP1 not reporting enough info to ePO 4.0

We have recently added Portal Shield to report events to our ePO, and the events get generated appropriately.  The problem we are having is that when an incident is reported, there is not very much information in the actual event.  I get the following:

Threat Source Process Name

Threat Target User Name (which is always NT Authority\System)

Threat Target File Path (provides executable but not full path)

Event ID

Threat Severity

Threat Name

Threat Type

Action Taken

Threat Handled

Event Description

These are all fine, except it doesn't provide the name of the actual authenticated user, source IP address, source hostname, or full path name.  We are able to find this information in the SharePoint logs in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs folder.  Just wondering if there was a way to get this information put into the alert that is generated to avoid having to check multiple log files.  This information does not show up under Portal Shield on the SharePoint as well.  Anyone else come across this issue?

0 Kudos