Use this command to view the Threat Detection configuration information and information about the associated subscription.
A connection obtained by using the Connect-CAClient command. See Connecting to Change Auditor.
Example: Review Threat Detection configuration details
Get-CAThreatDetectionConfiguration -Connection $connection
The command returns the following information. For more information about some of these settings see the Change Auditor SIEM Integration Guide.
The Threat Detection server fully qualified domain name.
State of the configuration:
How many days of historical events have been sent to Threat Detection server.
Status of the Threat Detection server:
Status of the data processing. For example, building baseline.
Threat Detection server version.
Threat Detection subscription ID.
Starting point in time for events to send.
Subsystems that have been selected for event sending.
Whether the Threat Detection subscription is enabled.
How often (in milliseconds) events are sent.
Interval (in milliseconds) that a heartbeat check is made for the configuration.
Batch size. The maximum number of events to include in a single notification message.
URL for notifications.
URL for heartbeat notifications.
When the last event was sent.
The last event response (for example, OK, HTTP 429 - Too many events being sent, or HTTP 401 - Unauthorized access).
When the last heartbeat was sent.
The last heartbeat response (for example, OK, HTTP 429 - Too many events being sent, or HTTP 401 - Unauthorized access).
Number of events sent.
Number of batches sent.
Number of heartbeats sent.
Time the last event was sent.
List of coordinators permitted to send events.
The coordinator that is sending events. If the subscription is disabled, this is the last coordinator that sent events.
Use this command to modify the list of allowed coordinators for the Threat Detection configuration.
The DNS or NetBIOS name of the coordinators permitted to send events. If none are specified, all coordinators installed at the time of configuration are permitted to send events.
Example: Modifying a configuration
Set-CAThreatDetectionConfiguration -Connection $connection -AllowedCoordinators @('machine1.domain.com','machine2.domain.com')
Example: To clear a previous list of allowed coordinators
Set-CAThreatDetectionConfiguration -Connection $connection -AllowedCoordinators @()
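Because an empty array clears the list of allowed coordinators, a change to that list is worth validating before it is sent. The following wrapper is an added example, not part of Change Auditor or this documentation: the function name Set-ApprovedCoordinators, its parameters, and the approved list are hypothetical, and it calls only the Set-CAThreatDetectionConfiguration parameters shown above.

```powershell
# Added example: validate a coordinator list before applying it.
# Set-ApprovedCoordinators, -Requested and -Approved are hypothetical names.
function Set-ApprovedCoordinators {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] $Connection,   # obtained from Connect-CAClient
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [string[]] $Requested,
        [Parameter(Mandatory = $true)] [string[]] $Approved   # list kept by the security team
    )

    # Normalize: trim, lower-case, drop blanks and duplicates.
    $names = @($Requested | ForEach-Object { "$_".Trim().ToLowerInvariant() } |
        Where-Object { $_ } | Sort-Object -Unique)

    # An empty array is what the documented "clear" example passes; never send it by accident.
    if ($names.Count -eq 0) {
        throw 'Refusing to send an empty coordinator list; clear the list explicitly if intended.'
    }

    # Accept only characters expected in DNS or NetBIOS host names
    # (an assumption about local naming, adjust to your environment).
    $bad = @($names | Where-Object { $_ -notmatch '^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$' })
    if ($bad.Count -gt 0) { throw "Malformed coordinator name(s): $($bad -join ', ')" }

    # Every requested coordinator must appear on the approved list.
    $approvedSet = @($Approved | ForEach-Object { "$_".Trim().ToLowerInvariant() })
    $unapproved = @($names | Where-Object { $approvedSet -notcontains $_ })
    if ($unapproved.Count -gt 0) { throw "Not on the approved list: $($unapproved -join ', ')" }

    # -WhatIf shows the intended change without calling Change Auditor.
    if ($PSCmdlet.ShouldProcess(($names -join ', '), 'Set allowed Threat Detection coordinators')) {
        Set-CAThreatDetectionConfiguration -Connection $Connection -AllowedCoordinators $names
    }
}

# Constructed sample values; $connection comes from Connect-CAClient.
$approved = @('machine1.domain.com', 'machine2.domain.com')
Set-ApprovedCoordinators -Connection $connection -Requested @('Machine1.domain.com ') -Approved $approved -WhatIf
```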
Use this command to remove a Threat Detection configuration.
Deleting the configuration only removes configuration information from Change Auditor. It does not remove data or configuration on the Threat Detection server.
Example: Remove the Threat Detection configuration
Remove-CAThreatDetectionConfiguration -Connection $connection