8.3 Hosts Monitoring - Reports

Select Reports > Portal > Repository > Standard Content > Foundation.

In general, you should consistently monitor host-based events that indicate unauthorized activities. For example, a malicious user or program might start and stop host services and anti-virus programs. Additionally, they might clear the audit log to hide their actions on a host.

To monitor unusual activity that affects hosts, use the following reports:

Anti-virus Activity

Reports the volume of activity, grouped by the anti-virus service that reported it. The table provides results by event name, count, affected host, and outcome.

Anti-virus Stopped or Paused

Reports the top IP addresses where an anti-virus service has been stopped or paused. The table provides results by host, service name, and number of events.

Audit Log Cleared

Reports the number of times that the audit log has been cleared by user, host, and date.

Failed Anti-virus Updates Summary

Reports the number of failures in updating anti-virus software by date and host.

Operating Systems Errors and Warnings

Reports the top system errors and warnings by host. You can use the report to identify issues associated with specific errors or warnings, such as privileged objects and users, password changes, and login failures. Alternatively, you can sort the table by reported host to review the types of issues affecting each host.

Services Shutdown

Reports the top 10 services that have been shut down in your environment. The table provides a summary of all services, including the associated hosts.

Services Started

Reports the top 10 services that have been started in your environment. The table provides a summary of all services started, including the associated hosts.