File Collection: Step 4. Verify That Collection Is Working

Document created by RSA Information Design and Development on Jun 25, 2017. Last modified by RSA Information Design and Development on Jul 28, 2017.
Version 2

This topic tells you what to check in Security Analytics to verify that you have configured File Collection correctly.

Context

Verify that File Collection has been configured correctly to ensure that it works.

Procedure

The following figure illustrates how you can verify that File collection is working from the Administration > Health & Wellness > Event Source Monitoring tab.

VerifyFile.png

1. Access the Event Source Monitoring tab from the Administration > Health & Wellness view.
2. Find the Log Decoder, Event Source, and Event Source Type (for example, apache).
3. Look for activity in the Count column to verify that File Collection is accepting events.

The following figure illustrates how you can verify that File Collection is working from the Investigation > Events view.

VerfiyNtflwInvest1.png

1. Access the Investigation > Events view.
2. Select the Log Decoder (for example, LD1) collecting File events in the Investigate a Device dialog.

VerifyInvestFile2.png

3. Look for a File event source parser (for example, apache) in the Device Type column to verify that File Collection is accepting events.
