Defining rules for external events

External event audit rules allow you to collect certain events that occur on workstations, but which did not originate from standard SES Evolution components:

  • Windows events,
  • Events that the OSSEC analysis engine reported.

When the rule is enabled, collected external events will appear as logs in the Agent logs panel of the administration console and on the SES Evolution agent interface.