KBI 310789 Issue Addressed: Windows File Log Rule Generates Combined Events Showing Only The Last Two Occurrences

Version

Argent for Compliance 3.1A-1310-A or below

Date

Friday, 20 Dec 2013

Summary

Argent for Compliance uses the Boolean registry value ‘COMBINE_ALERTS_ON_LOG_EVENT’ to control whether a single file log scan generates one combined event or individual events

There were some issues in this area for the Windows File Log Rule

The generated combined events list only the two most recent occurrences

Technical Background

Argent AT 3.1A-1401-A has corrected this issue and generates the combined event as expected

The event now lists the latest occurrence as well as all previous ones found in this scan

Resolution

Upgrade to Argent AT 3.1A-1401-A or later