4 Replies Latest reply on Apr 21, 2011 2:07 AM by epoquito

    Audit Events -> Automatic Response


      Hi, I'd like to know, how could I send Audit Events from Audit Log as SNMP/email. It seems, it is not possible to use Automatic Response as with Threat Events etc.

      Will be glad for any ideas.

        • 1. Re: Audit Events -> Automatic Response
          Attila Polinger



          you could prepare a query on Logging - Audit events, save it and create a server task that runs this query and as a subaction emails the resulting file.

          Server task run schedule, query filtering and repeating action and subaction in the server task may help further refining you goal.

          Would this suit you?




          Message was edited by: apoling on 20/04/11 14:18:18 CEST
          1 of 1 people found this helpful
          • 2. Re: Audit Events -> Automatic Response

            Hi Attila,

            and thank you for the answer. I've considered similar scenario as you have mentioned (exporting xml files).

            The thing is, I'd like to send some Audit events to the monitoring console. Process with exporting queries and sending them through email/xml is possible I believe, but is not an ideal solution. Having a real time automatic response would be actually a lot better.

            Is there actually a reason why Audit Log is not included in automatic response triggers?



            • 3. Re: Audit Events -> Automatic Response
              Attila Polinger



              I do not know the answer. Only answer I know that I'm clean in this respect since I submitted an FMR in May 10 last year to address this very same topic and that have not been reviewed yet. Let us hope for the better.





              • 4. Re: Audit Events -> Automatic Response

                It is a reasonable request, I hope they will review it. I'd be glad, if you can inform me in this thread, if anything regarding the FMR changes.

                Thanks for the answers.