McAfee PASCDE-AB-IA Product Guide - Page 67

Create a new file integrity monitoring baseline, Query reports for file integrity monitoring



3. Edit the dialog box to purge events older than the specified time. Select Purge Baseline Events to discard stored baseline settings, including the file text if versioning is enabled. Click OK.

Create a new file integrity monitoring baseline

You can create a new file integrity monitoring baseline for all monitored files on a system.

NOTE: Use the Accept command on the File Integrity Events page to accept events for one or more files and automatically create new baselines.

Task

For option definitions, click ? in the interface.

1. Click Menu | Reporting | File Integrity, then select the Systems tab.
2. Select a system, then click Actions | Reset Baseline. The reset baseline dialog box appears. Click Yes.

Query reports for file integrity monitoring

McAfee Policy Auditor software provides four built-in query reports for file integrity monitoring. Each report provides information on events and allows you to drill down to see detailed information. The query reports also allow you to accept or purge events and to compare file versions if file versioning is enabled. You can edit the queries, make new queries based on the existing queries, and add the queries to a dashboard.

PA: File Integrity - All Events
Displays an aggregated count of file integrity events grouped by the associated baseline date.

PA: File Integrity Event Counts
Displays a pie chart of file integrity events grouped by event type.

PA: File Integrity Events By System/Baseline Date
Displays a list of the file integrity exceptions encountered after a baseline reset, grouped by system and baseline date.

PA: File Integrity Events By System/Event Type
Displays an aggregated count of file integrity events grouped by system.

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6, File Integrity Monitoring and entitlement reporting, page 67