To filter events that refer to an administrator user (events carrying the security
identifier (SID) that identifies an administrator logon session), ensure that, if the
target is a domain member, the domain controller is also added as a target
machine and scanned. For more information on how to add a target machine, refer
to the Managing event sources groups section in this manual.
7. (Optional) Click Advanced to configure advanced filtering conditions. For more
information, refer to the Advanced event filtering parameters section in this manual.
Screenshot 109 - New processing rule wizard: Select event occurrence and importance
8. Specify the time when this rule will be executed (for example: anytime, during working
hours or outside working hours).
Working and non-working hours are based on the operational time parameters
configured for your event sources. For more information on how to configure
operational times, refer to the Configure operational time chapter.
9. Select the classification (critical, high, medium, low or noise) that will be assigned to
events that satisfy the conditions in this rule. Click Next to continue.
Manage rule-sets
GFI EventsManager