RSA Admin

Event Category -vs- Message ID

Discussion created by RSA Admin Employee on Dec 12, 2011
Latest reply on Jan 17, 2012 by RSA Admin

I was wondering what people's experience has been with using Event Category instead of Message IDs. (Note: I am using Content 2.0).

 

Since moving to 2.0 I have found the Category Names to be pretty good for Windows.  I have specifically gotten a lot of use out of:

 

User.Activity.Failed Logins

User.Activity.Successful Logins

User.Management.Groups.Modifications.User Added

User.Management.Groups.Modifications.User Removed

 

For me it's certainly a lot easier for generating alerts and reports using this logic as opposed to having to input a list of Message IDs for each one.
