0 Replies Latest reply on Jul 7, 2010 1:09 PM by Mr_Security

    PortalShield 2.0 SP1 not reporting enough info to ePO 4.0

      We have recently added Portal Shield to report events to our ePO, and the events get generated appropriately.  The problem we are having is that when an incident is reported, there is not very much information in the actual event.  I get the following:

       

      Threat Source Process Name
      Threat Target User Name (which is always NT Authority\System)
      Threat Target File Path (provides executable but not full path)
      Event ID
      Threat Severity
      Threat Name
      Threat Type
      Action Taken
      Threat Handled
      Event Description

       

      These are all fine, except it doesn't provide the name of the actual authenticated user, source IP address, source hostname, or full path name.  We are able to find this information in the SharePoint logs in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs folder.  Just wondering if there was a way to get this information put into the alert that is generated to avoid having to check multiple log files.  This information does not show up under Portal Shield on the SharePoint as well.  Anyone else come across this issue?