McAfee PASCDE-AB-IA Product Guide - Page 62

File version comparison, Accept file integrity monitoring events, Entitlement reporting

Get McAfee PASCDE-AB-IA - Policy Auditor For Servers PDF manuals and user guides View all McAfee PASCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 62 highlights

File Integrity Monitoring and entitlement reporting Entitlement reporting File version comparison The comparison feature allows you to view the contents of a versioned file and compare the text file content with other files. The software uses a color-coding system to identify file lines that are equal, empty, deleted, inserted, or modified. You can compare a stored version of the text with: • The file baseline. • Previous file versions. • A specified file on another system. Double-byte characters The file version comparison feature supports files containing only single-byte characters in the filename and contents. It does not support file comparison for files containing double-byte characters. Accept file integrity monitoring events When a monitored file changes, it generates an event that you can accept. You can accept one or more events from the File Integrity page or from pages that you drill down to in reports: • Accepting an event designates the changed file as the new baseline version and purges, or deletes, any previous versions. • Accepting multiple events designates the most recently changed files as the new baseline version and purges any previous version. • Accepting an event for a versioned file sets it as the new baseline version and purges previous versions of the file. You can also accept events from the file integrity monitoring query reports drilldown pages. Purge file integrity monitoring events You can purge, or delete, file integrity monitoring events. The software purges events based on a selected age. You can also choose to purge baseline events. Purging events does not set a new baseline. If you select the option to purge baseline events on a versioned file, you cannot compare later files with the purged baseline file. However, you can compare file versions that have not been purged. If you purge a baseline file, the software discards the stored baseline file information, including stored text if versioning is enabled. The software retains the baseline file hash information and sends events with new file information when the file changes. You can also purge events from the last page shown when you drill down into file integrity monitoring query reports. Entitlement reporting Entitlement reporting informs you of changes to user and group rights to files. Changes to a file's access permissions entitlement generates an event notifying you of the change. 62 McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
File version comparison
The comparison feature allows you to view the contents of a versioned file and compare the
text file content with other files.The software uses a color-coding system to identify file lines
that are equal, empty, deleted, inserted, or modified.
You can compare a stored version of the text with:
The file baseline.
Previous file versions.
A specified file on another system.
Double-byte characters
The file version comparison feature supports files containing only single-byte characters in the
filename and contents. It does not support file comparison for files containing double-byte
characters.
Accept file integrity monitoring events
When a monitored file changes, it generates an event that you can accept.
You can accept one or more events from the File Integrity page or from pages that you drill
down to in reports:
Accepting an event designates the changed file as the new baseline version and purges, or
deletes, any previous versions.
Accepting multiple events designates the most recently changed files as the new baseline
version and purges any previous version.
Accepting an event for a versioned file sets it as the new baseline version and purges previous
versions of the file.
You can also accept events from the file integrity monitoring query reports drilldown pages.
Purge file integrity monitoring events
You can purge, or delete, file integrity monitoring events.The software purges events based
on a selected age.You can also choose to purge baseline events.
Purging events does not set a new baseline. If you select the option to purge baseline events
on a versioned file, you cannot compare later files with the purged baseline file. However, you
can compare file versions that have not been purged.
If you purge a baseline file, the software discards the stored baseline file information, including
stored text if versioning is enabled.The software retains the baseline file hash information and
sends events with new file information when the file changes.
You can also purge events from the last page shown when you drill down into file integrity
monitoring query reports.
Entitlement reporting
Entitlement reporting informs you of changes to user and group rights to files. Changes to a
file's access permissions entitlement generates an event notifying you of the change.
File Integrity Monitoring and entitlement reporting
Entitlement reporting
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6
62