How can we improve?

Reporting: Columns in Layout tab based on event ID in General tab

When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.

As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criteria in General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples

Right now, selecting from existing columns is an ugly mess because event IDs have various names for same columns.
E.g. EID 4624 has: source network address as a column for IP, but when searching for address, you have all sorts of similar columns: ip address, source address, network address etc... which do not correspond to the event ID that you selected in the General tab.

I hope this makes sense and gets started to be implemented in GFI EM2k13.

Thanks,
Val.

1 vote
Sign in Sign in with GFI
Signed in as (Sign out)

We’ll send you updates on this idea

VB shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in Sign in with GFI
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base