Configuring event source operational time

GFI EventsManager includes an Operational Time option through which you specify the normal working hours of your event source groups. This is required so that GFI EventsManager can keep track of the events that occur both during and outside working hours.

Use the operational time information for forensic analysis; to identify unauthorized user access, illicit transactions carried outside normal working hours and other potential security breaches that might be taking place on your network.

Operational time is configurable on computer group basis. This is achieved by marking the normal working hours on a graphical operational time scale which is divided into one hour segments.

To configure event source properties:

1. From Configuration tab > Event Sources > Group Type, select Event Sources Groups.

2. To configure settings of a:

  • Computer group - right-click on the computer group to configure, and select Properties
  • Single event source - right-click on the source to configure, and select Properties.

Specify operational time

3. From Operational Time tab, mark the time intervals of your normal working hours.

Note

Cells marked blue represent your normal working hours.

4. Click Apply and OK.