KBI 310789 Issue Addressed: Windows File Log Rule Generates Combined Events Showing Only The Last Two Occurrences
Version
Argent for Compliance 3.1A-1310-A or below
Date
Friday, 20 Dec 2013
Summary
Argent for Compliance uses the Boolean registry setting 'COMBINE_ALERTS_ON_LOG_EVENT' to control whether a single file log scan generates one combined event or individual events.
There were some issues in this area for the Windows File Log Rule.
The generated combined events listed only the two most recent occurrences.
Technical Background
Argent AT 3.1A-1401-A has corrected this issue and generates the combined event as expected.
The event now lists the latest occurrence as well as all previous ones found in this scan.
Resolution
Upgrade to Argent AT 3.1A-1401-A or later.