Overview
GFI EventsManager includes an Operational Time option through which you specify the normal working hours of your event source groups. This is required so that GFI EventsManager can keep track of the events that occur both during and outside working hours.
Use the operational time information for forensic analysis to:
- Identify unauthorized user access
- Identify illicit transactions carried outside normal working hours
- Other potential security breaches that might be taking place on your network
Operational Time is configurable on a computer group basis. This is achieved by marking the normal working hours on a graphical operational time scale which is divided into one-hour segments.
Process
To configure event source properties:
- Navigate to Configuration tab > Event Sources > Group Type.
- Select Event Sources Groups.
- To configure settings of a:
-
Computer group:
- Right-click on the computer group to configure.
- Select Properties
-
Single event source:
- Right-click on the source to configure.
- Select Properties.
-
Computer group:
- From the Operational Time tab, mark the time intervals of your normal working hours.
Note: Cells marked blue represent your normal working hours.
- Click Apply and OK.