How to get a periodic report of newly installed software (Windows)?

Comments

  • Official comment
    Abby Kincer

    Hi Bill, thanks for reaching out again! Let's wake you up from that IT nightmare, shall we?

    It sounds like you want to be able to rework a Saved Search that's no longer working for you. I've got a fresh link for you here, which will walk you through creating a Saved Search in the updated Alert Logic console, including setting a cadence for the search - Create a search schedule and notification. This link may also be helpful, which describes how to use our Simple Search mode - Search Simple Mode.

    We've also got a section of resources that may be useful as you learn the new console - Console Overview.

    Please let me know if you need additional assistance on this - happy to help!

  • Kirsten Flores

    Hi Bill! If I'm understanding correctly, I believe you want to receive email alerts generated from a Correlation policy set up under Configuration > Log Management > Alert Rules > Correlation.

    To configure who receives these alerts, you can edit the contact for the alert rule under Configuration > Notifications > Policies. This page lists all the policies you have set up (alerts, incidents, scans, etc.). Locate the Correlation alert rule on this page, click the drop-down on the far right, and click View/Edit. In the settings, you can edit the alert recipients. Additional information about notifications is available in our Notifications documentation.

    Note that if you have not already added yourself as a contact on the Configuration > Notifications > Contacts & Groups page in the Alert Logic console, you will need to add yourself as a contact before you can be selected as an alert recipient. 

    Let me know if I have misunderstood your issue or need any further clarification!

  • Bill Phillips

    Your reply makes sense. I've added my address to the destination list and am waiting to see if I get anything.

    I am, however, getting the feeling that whoever set this up under Correlations might have been approaching the problem incorrectly.

    If my goal is to get a periodic (weekly or monthly) email with a report of the software that has been installed on my Windows systems in the previous period, how would I best achieve this?

  • James Nolin

    This can be done by using a Saved View or Scheduled Log Search that leverages the "Application/Install" Message Context to search for only those related Message Types and can email you the results on a recurring schedule. 

    Instructions:
    https://docs.alertlogic.com/analyze/log-search/log-search-save-schedule.htm 

  • Bill Phillips

    You know that IT urban horror where the guy does a search and finds himself? Well, that's me today.

    Sometime between our 'upgrade' to the new platform and now, this report stopped running. 

    The original tip falls over in the new interface/platform - Configuration - Log Management gets me to a screen offering a new S3 setup of some kind. We're not an Amazon shop, but I keep seeing AWS prompts...

    The instruction link above is dead, and the new UI is as inscrutable as ever. :-/

    Does anyone have ideas on getting this report back up and running? 
