This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-02-01 11:15 AM

Capture of account creation and deletion in a restricted time frame.

I have been asked if it is possible to do the following in regards to an alert. Run a rule that grabs the detail of an account that is created with high level access and then alerts if that specific account is not deleted after 180 minutes has expired. 
0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2010-02-02 05:13 AM

I dont see why it isnt possible, youd want to look for something like "Account created ( EventID 624 Windows2000 and XP-4720 Vista/Server2008) then something like "User.Management.Groups.Modifications.User Added" then the delete ID would be 630 on 2000/Xp and 4726 on Vista/2008. Im not to sure how you would make it fire if its not deleted in such and such time. But im sure someone on here can help you out abit more. Hope i was able to help in the slightest.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.