Threat intelligence and CAE

Event logs can assist with monitoring suspicious activity and identifying the cause of cybersecurity breaches that could lead to a cybersecurity incident. See Configuring CAE for information on viewing configuration history.

Setting up cybersecurity event logs

The event log can be used to monitor user logins and user account lockouts. Logs are based on Windows Event Viewer policies governed by your organization. Syslog server IP address, Syslog server IP port, and SNMP server IP address settings are not required for a standalone environment.

To set up cybersecurity event logs:

1. Open Cybersecurity Admin Expert.
2. Select SECURITY SETTINGS > Logs.
3. Enter details.
4. Click Save.

Viewing and exporting cybersecurity event logs

To view and export cybersecurity event logs:

1. Open Cybersecurity Admin Expert.
2. Click the Question Mark icon on the title bar.

   

3. Select Audit Logs. The Audit Logs window opens.
4. Click Export.
5. Enter a file name.
6. Click Save.