For risky user events, the View risky user details link opens the dashboard on the Users page; for Threat Detection alert events, the View alert details link opens the dashboard on the Alerts page.
The Threat Detection events includes the following additional information:
Date and time the Threat Detection server started processing the alert. | |
Value that identifies whether the user is an administrator or a watched user. | |
When event logging for Change Auditor is enabled, internal Change Auditor events will be written to a Windows event log, named Change Auditor Coordinator Service event log. In addition, when event logging for Registry, Service and/or Local Account is enabled in Change Auditor, related events will be written to the Change Auditor Service event log. These log events can then be gathered by InTrust for further processing and reporting.
The following internal Change Auditor events are recorded to the Change Auditor Coordinator Service event log when Change Auditor event logging is enabled.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center