This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2012-05-28 03:12 AM

Report: A Single event for multiple devices.

Hello, 

   We're going through an audit, and the auditors would like a report of a successful and unsuccessful logon attempt for each of the sampled systems. Do any of you fine folks know how to limit results to 1 of each event type per device?

 

Thanks for your consideration. 

-Todd

0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2012-06-18 11:33 AM

Not sure you can return a single event for a specific timeframe if there is more than one event. What you can do is use the count(....) field in your report. So say for example you want to report on failed logons, select the username, Count(messageId) or count(referenceID), and Event Computer as your fields in the report. What you will get is count of all failed logons for each user on each event computer on a single line for each evetn computer. Keep in mind that if you select a date time field you will still see every failed logon for the users rather than a count so do not use a date time field in the report. If you want the auditor to see the timeframe you selected for the sample simply include the check mark for date and tiemframe on the last page of the configuration for the report.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.