Some queries that are not tagged as Action Alerts are nonetheless good candidates for a scheduled action alert, because every event they retrieve is evaluated as severe.
For example, Security Log Cleared by Host Detail retrieves all events where the event action is Security Log Clear. The only tag on this query is Operational Security.
The action Security Log Clear is listed in the CEG. The CEG defines the following two event types for it, both mapped to security level 6, which is severe.
| Category | Class | Action | Result | Security Level |
|---|---|---|---|---|
| Operational Security | Security Log Activity | Security Log Clear | Success | 6 |
| Operational Security | Security Log Activity | Security Log Clear | Failure | 6 |
It is a good practice to schedule an alert with this query.
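The reasoning above (a query is a good alert candidate when every event it returns maps to a severe CEG level) can be checked mechanically. The following is an added example, not CA's code and not the product's query language: the two Security Log Clear rows are the ones listed on this page, while the third CEG row, the events, the host names and the query predicates are constructed for illustration.

```python
"""Added example (not CA's code): decide whether a query's result set is a
good scheduled-alert candidate by mapping each returned event to its CEG
security level. Only the two 'Security Log Clear' CEG rows come from the
page; every other value below is constructed for illustration."""
from collections import Counter

SEVERE = 6  # CEG security level the page describes as severe

# CEG event types keyed by (category, class, action, result) -> security level.
# The first two rows are the ones the page lists; the third is an assumed,
# lower-severity event type included only for contrast.
CEG_SEVERITY = {
    ("Operational Security", "Security Log Activity", "Security Log Clear", "Success"): 6,
    ("Operational Security", "Security Log Activity", "Security Log Clear", "Failure"): 6,
    ("Operational Security", "Security Log Activity", "Security Log Read", "Success"): 2,  # assumed row
}

# Constructed CEG-normalized events, as an alert evaluator would see them.
EVENTS = [
    {"host": "srv01", "category": "Operational Security", "event_class": "Security Log Activity",
     "action": "Security Log Clear", "result": "Success"},
    {"host": "srv01", "category": "Operational Security", "event_class": "Security Log Activity",
     "action": "Security Log Read", "result": "Success"},
    {"host": "srv02", "category": "Operational Security", "event_class": "Security Log Activity",
     "action": "Security Log Clear", "result": "Failure"},
    {"host": "ws17", "category": "Operational Security", "event_class": "Security Log Activity",
     "action": "Security Log Clear", "result": "Success"},
]

# Constructed stand-ins for two queries: each is just a predicate over one event.
# The first mirrors the page's description of Security Log Cleared by Host Detail;
# the second is an assumed broader query that also returns non-severe events.
QUERIES = {
    "Security Log Cleared by Host Detail": lambda e: e["action"] == "Security Log Clear",
    "Security Log Activity Detail (assumed)": lambda e: e["event_class"] == "Security Log Activity",
}


def ceg_severity(event):
    """Look up the event's CEG security level; None if the type is not in the table."""
    key = (event["category"], event["event_class"], event["action"], event["result"])
    return CEG_SEVERITY.get(key)


def run_query(name, events=EVENTS):
    """Return the events matched by the named query predicate."""
    return [e for e in events if QUERIES[name](e)]


def is_alert_candidate(results):
    """True when the query returned something and every result is severe.

    An event whose type is missing from the CEG table cannot be rated and
    therefore disqualifies the query, rather than being silently accepted."""
    levels = [ceg_severity(e) for e in results]
    return bool(levels) and all(lvl is not None and lvl >= SEVERE for lvl in levels)


def clears_by_host(results):
    """Count Security Log Clear events per host, the view the page's query gives."""
    return dict(Counter(e["host"] for e in results if e["action"] == "Security Log Clear"))


if __name__ == "__main__":
    for name in QUERIES:
        res = run_query(name)
        print(f"{name}: {len(res)} events, alert candidate={is_alert_candidate(res)}")
    print("Security log clears by host:",
          clears_by_host(run_query("Security Log Cleared by Host Detail")))
```

Run as written, the script reports the first query as an alert candidate (all three results are level 6) and the assumed broader query as not a candidate (one result is level 2), which is the distinction the page draws.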
Copyright © 2011 CA. All rights reserved.