0 Replies Latest reply on Apr 24, 2020 7:46 PM by eugenea

    Is there a way to include the Host IP (Source IP or Hostname) in the Log Insight User Alerts?

    eugenea Lurker

      Hi Chaps,

      I set up an alert to notify me via email whenever an RDP event log is created.

      This alert is working, though what I am figuring out now is how to include the exact Source IP of that RDP session.

      What's included in the alert is the "Network Address" of that endpoint.

      e.g. I RDP into 10.1xx.10.40, and it only shows the Network Address in the alert, which is 10.1xx.10.1.

      Here's the actual email alert:

      _________________________________________________________

      This alert is about your Log Insight installation on https://x.x.x.x/
      Log Insight found the following 1 event matching the criteria for alert "A successful Windows RDP login was detected":
      Remote Desktop Services: User authentication succeeded:

      User: user1

      Domain: domain1
      Source Network Address: 10.1xx.10.1

      Note: To avoid raising duplicate alerts, this alert will now be snoozed for the next 5 minutes (the search period for this alert).

      _________________________________________________________

      I have been searching online and going through the VRLI GUI one section at a time (including the User Alert settings), though I can't seem to find where to configure this.

      Any assistance will be greatly appreciated!
      Thanks mates!

      Sincerely,

      Eugene