Active List for Windows Privilged Users
Hi All, we are creating some use cases to monitor the privileged user activities.
I am unable to populate the active list for the privileged users, can some one guide me :-
1) Do I added the active list manually? when am adding the list manually its triggering the rules
2) How should ArcSight updated the event based or filed based?
Re: Active List for Windows Privilged Users
Initially you will need to populate the list manually . Then a create another rule to monitor any addition to the privileged groups and add it to the existing list automatically .