KBI 310950 New Feature: Fire Event Log Alerts With Combined Messages In Detail
Version
Argent for Compliance 3.1A-1404-T3 or earlier
Date
Wednesday, 4 June 2014
Summary
Argent for Compliance has always been able to combine Alerts into a single Alert for Event Logs
See KBI 310512 Combining Alerts Into A Single Alert For Event Logs in Argent AT
Though the Combined Events have the same Event ID and Event Source, the message detail might be slightly different
Customers may need to see the difference to identify what the Alert is actually about
For example, Rule EVT_TEST checks file share access Event 5140
If the default option ‘Combine Events With Latest Description’ is used, the Alert message will miss the differing share names and paths of the combined Events
The TEST result will look like the following:
If the option ‘Combine Events With Full Description’ is used, the Alert message will be more detailed
Argent for Compliance also provides a user-friendly interface to change the system default without editing the registry as described in KBI 310512
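The difference between the two options, modelled as an added Python example (this is illustrative code, not Argent's own implementation); the event field names and the Event 5140 descriptions are constructed for the example:

```python
from collections import OrderedDict

# Constructed sample events (not real log data): three Event 5140 records
# sharing the same ID and Source but with different share names and paths,
# plus one unrelated Event 4624 to show that grouping keeps it separate.
SAMPLE_EVENTS = [
    {"id": 5140, "source": "Microsoft-Windows-Security-Auditing", "time": "2014-06-04 09:00:01",
     "description": r"A network share object was accessed. Share Name: \\*\Finance Share Path: \??\D:\Finance"},
    {"id": 4624, "source": "Microsoft-Windows-Security-Auditing", "time": "2014-06-04 09:00:03",
     "description": "An account was successfully logged on."},
    {"id": 5140, "source": "Microsoft-Windows-Security-Auditing", "time": "2014-06-04 09:00:05",
     "description": r"A network share object was accessed. Share Name: \\*\HR Share Path: \??\D:\HR"},
    {"id": 5140, "source": "Microsoft-Windows-Security-Auditing", "time": "2014-06-04 09:00:09",
     "description": r"A network share object was accessed. Share Name: \\*\Public Share Path: \??\E:\Public"},
]


def combine_events(events, mode="latest"):
    """Group events by (Event ID, Event Source) and build one Alert per group.

    mode="latest": the Alert carries only the most recent description, so
                   details that differ between events (share name, path) are lost.
    mode="full":   the Alert carries every distinct description, so nothing is lost.
    Returns a list of dicts: id, source, count, message.
    """
    groups = OrderedDict()
    for ev in sorted(events, key=lambda e: e["time"]):
        groups.setdefault((ev["id"], ev["source"]), []).append(ev)

    alerts = []
    for (event_id, source), group in groups.items():
        if mode == "latest":
            message = group[-1]["description"]
        elif mode == "full":
            distinct = []
            for ev in group:
                if ev["description"] not in distinct:   # keep order, drop exact repeats
                    distinct.append(ev["description"])
            message = "\n".join(distinct)
        else:
            raise ValueError("mode must be 'latest' or 'full'")
        alerts.append({"id": event_id, "source": source, "count": len(group), "message": message})
    return alerts


if __name__ == "__main__":
    for mode in ("latest", "full"):
        for alert in combine_events(SAMPLE_EVENTS, mode):
            print(f"[{mode}] Event {alert['id']} x{alert['count']}:\n{alert['message']}\n")
```

With "latest" the Finance and HR shares never appear in the combined Alert; with "full" all three share names and paths are reported.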
Technical Background
N/A
Resolution
Upgrade to Argent Advanced Technology 3.1A-1404-T3 or later