How to get a periodic report of newly installed software (Windows)?

Comments

3 comments

  • Official comment
    Avatar
    Kirsten Flores

    Hi Bill! If I'm understanding correctly, I believe you want to receive email alerts generated from a Correlation policy set up under Configuration> Log Management > Alert Rules > Correlation. 

    To configure who receives these alerts, you can edit the contact for the alert rule under Configuration > Notifications > Policies. This page lists all the policies you have set up (alerts, incidents, scans, etc.) Locate the Correlation alert rule on this page, click the drop-down on the far right, and click View/Edit. In the settings, you can edit the alert recipients. Additional information about notifications is available in our Notifications documentation. 

    Note that if you have not already added yourself as a contact on the Configuration > Notifications > Contacts & Groups page in the Alert Logic console, you will need to add yourself as a contact before you can be selected as an alert recipient. 

    Let me know if I have misunderstood your issue or need any further clarification!

    Comment actions Permalink
  • Avatar
    Bill Phillips

    Your reply makes sense. I've added my address to the destination list and am waiting to see if  I get anything.

    I am, however, getting the feeling that whoever set this up under Correlations might have been approaching the problem incorrectly.

    If my goal is to get a periodic (weekly or monthly) email with a report of the software that has been installed on my Windows systems in the previous period, how would I best achieve this?

    0
    Comment actions Permalink
  • Avatar
    James Nolin

    This can be done by using a Saved View or Scheduled Log Search that leverages the "Application/Install" Message Context to search for only those related Message Types and can email you the results on a recurring schedule. 

    Instructions:
    https://docs.alertlogic.com/analyze/log-search/log-search-save-schedule.htm 

    0
    Comment actions Permalink

Please sign in to leave a comment.