Product guide
The Audit Log
Use the Audit Log to maintain and access a record of all ePO user actions. The Audit Log entries
display in a sortable table. For added flexibility, you can also filter the log so that it only displays
failed actions, or only entries that are within a certain age.
The Audit Log displays seven columns:
• Action — The name of the action the ePO user attempted.
• Completion Time — The time the action finished.
• Details — More information about the action.
• Priority — Importance of the action.
• Start Time — The time the action was initiated.
• Success — Specifies whether the action was successfully completed.
• User Name — User name of the logged-on user account that was used to take the action.
Audit Log entries can be queried. You can create queries that target this data with the Query
Builder wizard, or you can use the default queries that target it. For example, the
Failed Logon Attempts query retrieves a table of all failed logon attempts.
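The following is an added example, not part of the product guide or of ePO itself: it applies the two filters described above (failed actions only, entries within a certain age) to rows carrying the seven Audit Log columns, then counts failed logon attempts per user. The CSV layout, timestamp format, action names and sample rows are constructed assumptions, not ePO's actual export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows using the seven Audit Log columns; the CSV layout,
# timestamp format and action names are assumptions, not ePO's export format.
SAMPLE_CSV = """Action,Completion Time,Details,Priority,Start Time,Success,User Name
Logon Attempt,2008-03-10 09:00:01,Invalid password,High,2008-03-10 09:00:00,False,admin
Logon Attempt,2008-03-10 09:00:31,Invalid password,High,2008-03-10 09:00:30,False,admin
Logon Attempt,2008-03-10 09:01:02,Logged on,Low,2008-03-10 09:01:00,True,admin
Delete Query,2008-03-10 09:05:10,Permission denied,Medium,2008-03-10 09:05:09,False,jsmith
Logon Attempt,2008-02-01 08:00:01,Invalid password,High,2008-02-01 08:00:00,False,jsmith
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

def load_entries(text):
    """Parse CSV text into dicts with typed Start Time, Completion Time, Success."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        row["Start Time"] = datetime.strptime(row["Start Time"], TIME_FORMAT)
        row["Completion Time"] = datetime.strptime(row["Completion Time"], TIME_FORMAT)
        row["Success"] = row["Success"].strip().lower() == "true"
        entries.append(row)
    return entries

def filter_entries(entries, now, failed_only=False, max_age=None):
    """Mirror the log's two filters: failed actions only, and entries within an age."""
    kept = []
    for e in entries:
        if failed_only and e["Success"]:
            continue
        if max_age is not None and now - e["Start Time"] > max_age:
            continue
        kept.append(e)
    return sorted(kept, key=lambda e: e["Start Time"], reverse=True)

def failed_logons_by_user(entries, logon_action="Logon Attempt"):
    """Count failed logon entries per User Name (logon_action is an assumed name)."""
    return Counter(e["User Name"] for e in entries
                   if e["Action"] == logon_action and not e["Success"])

if __name__ == "__main__":
    now = datetime(2008, 3, 10, 12, 0, 0)  # fixed clock so the result is reproducible
    recent_failed = filter_entries(load_entries(SAMPLE_CSV), now, True, timedelta(days=7))
    for user, count in failed_logons_by_user(recent_failed).most_common():
        print(f"{user}: {count} failed logon attempts in the last 7 days")
```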
The Event Log
Use the Event Log to quickly view and sort through events in the database. The Event Log can
be purged only by age.
You can choose which columns are displayed in the sortable table. You can choose from a
variety of event data to use as columns.
Depending on which products you are managing, you can also take certain actions on the
events. Actions are available on the buttons at the bottom of the page.
Common event format
All managed products now use a common event format. The fields of this format can be used
as columns in the Event Log. These include:
• Action Taken — The action that was taken by the product in response to the threat.
• Agent GUID — Unique identifier of the agent that forwarded the event.
• DAT Version — DAT version on the system that sent the event.
• Detecting Product Host Name — Name of the system hosting the detecting product.
• Detecting Product ID — ID of the detecting product.
• Detecting Product IPv4 Address — IPv4 address of the system hosting the detecting product
(if applicable).
• Detecting Product IPv6 Address — IPv6 address of the system hosting the detecting product
(if applicable).
• Detecting Product MAC Address — MAC address of the system hosting the detecting product.
• Detecting Product Name — Name of the detecting managed product.
• Detecting Product Version — Version number of the detecting product.
McAfee ePolicy Orchestrator 4.0 Product Guide