Hello All,
I am new to LEM and I am trying to setup file auditing using FIM. I have FIM getting data when a file is changed, for example, Word.docx changes to word.docx.ecc. I want to setup a rule to send me an email when this happens. I'm not sure if I created the rule correctly or if I'm missing something, but when this rule is triggered I get an email and the subject just has the word 'at' in it. Any input would be greatly appreciated.
Here are the results from my ndepth query.
Event Name: FileRead
EventInfo: File Open for Metadata Read "E:\DFS\Dept_Common\OIT\test.docx.ecc" by user "Username" InsertionIP: SERVER Manager: LEM SERVER DetectionIP: x.x.x.x InsertionTime: 11:35:09 Fri Mar 13 2015 DetectionTime: 11:35:02 Fri Mar 13 2015 Severity: 3 ToolAlias: FIM File and Directory InferenceRule: ProviderSID: 2 ExtraneousInfo: SourceAccount: dtyner SourceDomain: WALSHCOLLEGE SourceLogonID: DestinationAccount: DestinationDomain: DestinationLogonId: AccessRequested: PrivilegesExercised: FileName: E:\DFS\Dept_Common\OIT\test.docx.ecc FileHandleID: OperationID: ServingProcess: AccessProperties: OperationType:
here is a copy of my rule
