Cool Halo Trick #14: Security Events History

pwpadmin / 05.22.12

Problem: I get alerts when flagged activity occurs on my server, but I want to see a history of that activity.

You may already know that you can set up alerts for changes in configuration or special events on your servers, but you may not know where to find a history of those alerts.

In the “Servers” menu, click “Security Events History” (Figure 1). Here you can view all types of events that are flagged in your Special Events Policies, Configuration Policies, and FIM Policies. Failed GhostPorts logins will also be recorded here.

You’ll be presented with a screen like Figure 2:

You can filter the displayed results by group, server, date, type of event, OS type, and level of criticality. Select the criteria you want to search by and click the “Filter” button. For example, if my Special Events Policy logged new servers spinning up, and I wanted to see every instance of a new server spinning up in the last 90 days, my filter would look like Figure 3.