The Zercurity events view is your first port of call for a complete audit of every action performed by each user in your company.
Level: There are 3 distinct audit levels for your events: INFO, WARN and ALERT.
- INFO: Just an informational message. Keeps a record of actions being performed within the application.
- WARN: Warning messages are something you should pay attention to. You will receive warning messages when tasks don’t complete due to misconfiguration, or when a particular task fails to complete. Warnings are useful to help with troubleshooting.
- ALERT: Alerts aren’t necessarily bad. They’re used to draw your attention toward something, such as a new asset being added. Alerts will always be forwarded to you as an email.
Action: The action that was performed. These can range from users being created to the change of an object within the Zercurity application, for example when an Osquery query is modified or a new hash is added to the Santa blacklisting.
Message: A description of the event. These are procedurally generated from the information in the event.
Timestamp: The timestamp of when the event was created.