Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Download PDF lhs-panel

Click here to expand

Manage Profiles

With EventLog Analyzer, you can centrally view and manage the configured alert profiles.

In the Manage Profiles tab, you can add, enable, disable, export, and import alert profiles.

Here, you can also filter a specific category of alert profile by selecting the required option from the drop-down.

Import Alert Profiles

Alert profiles can be imported or exported by clicking on the Import option. Once you select an option, you will get the message below.

Select the file from which you wish to import the alert profiles by clicking on Browse.

In case an imported alert profile is similar to an existing alert profile, you will get the message below. To overwrite an existing profile with an imported profile, select the required profile and click on Import.

What are Sigma rules?

Sigma is a text-based format for describing security events in log data, which simplifies security threat detection.

EventLog Analyzer allows you to import these rules in the Alerts tab.

From Alerts:

Navigate to the Alerts tab, and select Manage Profiles. Choose the Import option.

EventLog Analyzer supports importing Sigma rules from YML files.

During the import process, you will have the option to map fields and the log type associated with the Sigma rule. Click Save.

Click Save to finalize the import process. EventLog Analyzer will store the imported Sigma rule profile along with its defined criteria.

Note: False positives mentioned in the Sigma rule file are not included in the criteria. Users have to manually add those criteria after importing the Sigma rule file.

Export alert profiles

To export alert profiles, select the required alert profiles and click on Export.

Note: Default alert profiles cannot be exported.

Filtering alert profiles

To filter alert profiles based on the number of alerts raised, click on the number of alerts under the No. of Alerts column.

Showing and select the required category.

To configure notifications for the alert:

To configure notifications for the alert, click on configure. You will be directed to the edit alerts page. You could set the notification type there.

Delete Alert profiles

To delete an alert profile, select an alert profile and click on the delete option. A pop-up like the one shown below will appear. Click on yes to proceed.

delete-show-import-export-alert-profiles