06-21-2006 04:09 PM - edited 03-09-2019 03:20 PM
Folks,
when i look at default rule sets like "desktops" , towards the end of the page I see a bunch of rules in a seprate box which has "monitor" option checked, my question is what are these rules for , any thing different they are doing?
06-27-2006 10:59 AM
Which Product/version are you using?
07-13-2006 09:28 PM
Monitor rules simply alert you to an event happening on your agent.
For example, you want to know when a file is opened for read. Let's say a file on your server containing HR records. A monitor rule will log that to the CSAMC for your later investigations. Event details will contain useful information like time of event and the uid of the process that accessed the data.
There is a section in Chapter 5 of the CSA User's Guide that covers "The Monitor Action".
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: