McAfee PASCDE-AB-IA Product Guide - Page 62
File version comparison, Accept file integrity monitoring events, Entitlement reporting
View all McAfee PASCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 62 highlights
File Integrity Monitoring and entitlement reporting Entitlement reporting File version comparison The comparison feature allows you to view the contents of a versioned file and compare the text file content with other files. The software uses a color-coding system to identify file lines that are equal, empty, deleted, inserted, or modified. You can compare a stored version of the text with: • The file baseline. • Previous file versions. • A specified file on another system. Double-byte characters The file version comparison feature supports files containing only single-byte characters in the filename and contents. It does not support file comparison for files containing double-byte characters. Accept file integrity monitoring events When a monitored file changes, it generates an event that you can accept. You can accept one or more events from the File Integrity page or from pages that you drill down to in reports: • Accepting an event designates the changed file as the new baseline version and purges, or deletes, any previous versions. • Accepting multiple events designates the most recently changed files as the new baseline version and purges any previous version. • Accepting an event for a versioned file sets it as the new baseline version and purges previous versions of the file. You can also accept events from the file integrity monitoring query reports drilldown pages. Purge file integrity monitoring events You can purge, or delete, file integrity monitoring events. The software purges events based on a selected age. You can also choose to purge baseline events. Purging events does not set a new baseline. If you select the option to purge baseline events on a versioned file, you cannot compare later files with the purged baseline file. However, you can compare file versions that have not been purged. If you purge a baseline file, the software discards the stored baseline file information, including stored text if versioning is enabled. The software retains the baseline file hash information and sends events with new file information when the file changes. You can also purge events from the last page shown when you drill down into file integrity monitoring query reports. Entitlement reporting Entitlement reporting informs you of changes to user and group rights to files. Changes to a file's access permissions entitlement generates an event notifying you of the change. 62 McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6