Device Activity report


Every basic security strategy requires tracking the activity of the devices, such as servers and security appliances, that hold sensitive data for an organization. These might include Windows servers, UNIX servers, routers, firewalls, and various network appliances, as well as applications running on those platforms. However, the essential audit component that serves as the starting point for a security strategy is traditionally taken to be the managed device, that is, a device sending messages to the BMC Defender Server or other log managers.

The BMC Defender Device Activity report facility furnishes reports on the activity of each managed device, which is useful for verifying that critical devices are tracked in compliance with various standards. The Device Activity reports demonstrate that each critical device is being monitored and show useful statistics for each device.

The report facility scans the list of received messages and tabulates key metrics for each managed device. The report is especially useful to auditors because it easily furnishes evidence that all critical devices on the system (or devices of a particular type, such as database servers) are accounted for and managed by the security personnel for the organization.
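The following added example (not BMC Defender code or its report format) tabulates per-device metrics from received messages and compares them with an inventory, because a critical device that sent nothing never appears in a message-derived tabulation on its own. The syslog lines, host names, inventory, and the choice of metrics (count, errors, first and last seen) are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample messages in RFC 3164 style: "<PRI>timestamp host tag: text"
SAMPLE_MESSAGES = """\
<38>Mar  3 00:04:11 fw-edge-01 kernel: DROP IN=eth0 SRC=192.0.2.10
<86>Mar  3 02:15:40 db-prod-01 sshd[811]: Accepted publickey for backup
<35>Mar  3 09:30:02 db-prod-01 sshd[944]: Failed password for root
<38>Mar  3 23:59:58 fw-edge-01 kernel: DROP IN=eth0 SRC=198.51.100.7
<14>Mar  3 11:00:00 lab-printer cupsd: job 12 completed
not a syslog line
"""

# Hypothetical inventory of devices the organization must monitor.
CRITICAL_DEVICES = {"fw-edge-01", "db-prod-01", "dc-01"}

LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ")

def tabulate(lines, year=2024):
    """Return {device: {count, errors, first, last}} for parseable messages."""
    stats = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are not attributed to any device
        pri, ts, host = int(m.group(1)), m.group(2), m.group(3).lower()
        # RFC 3164 timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        s = stats.setdefault(
            host, {"count": 0, "errors": 0, "first": when, "last": when})
        s["count"] += 1
        s["errors"] += int(pri % 8 <= 3)  # severity 0-3 = error or worse
        s["first"] = min(s["first"], when)
        s["last"] = max(s["last"], when)
    return stats

def coverage(stats, critical):
    """Return (critical devices with no messages, devices not in inventory)."""
    seen = set(stats)
    return sorted(critical - seen), sorted(seen - critical)

if __name__ == "__main__":
    report = tabulate(SAMPLE_MESSAGES.splitlines())
    for host, s in sorted(report.items()):
        print(f"{host:12} msgs={s['count']} errors={s['errors']} "
              f"first={s['first']:%H:%M:%S} last={s['last']:%H:%M:%S}")
    silent, unlisted = coverage(report, CRITICAL_DEVICES)
    print("critical but silent:", silent, "| not in inventory:", unlisted)
```
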

Note

The Device Activity report facility provides information related to the Messages > Catalogs > Devices screen, in that it furnishes a way of tracking device activity. However, unlike the Messages > Catalogs screen, the Device Activity report does not operate in real time. It generates reports at midnight or on demand across all messages, and performs special processing to tabulate metrics for each user on the system that might not otherwise be available to the operator.


BMC AMI Command Center for Security 6.0