Source: Symantec AntiVirus/Filtering for Exchange 2000
The body of message <message subject> located in <mailbox name> has violated the following policy settings:
SubPolicy: Content SubPolicy
Rule: Basic Content Rule
The following actions were taken on it:
The body of message <message subject> was Logged Only for the following reason(s)
A content violation (score: 70) was found in the message.
Self-explanatory. The "Logged Only" will be whatever configuration you have set up (Deleted, Logged Only, Quarantine, etc.). The content violation score will be higher/lower depending on the message body.