This article applies to:
- Trustwave SEG 8.0.3 and above
Question:
- How can I determine who made changes to SEG policies and rules, and when the changes were made?
Procedure:
MailMarshal (SEG) 10
See the Audit History item in the Management Interface.
SEG 8.0.3 through 8.2.X
The following information is available in the Configurator for each Policy Group and Rule:
- Created By (Windows user)
- Created Time
- Last Modified By (Windows user)
- Last Modified Time
Additionally, the Array Manager text log (8.0.3 and above) includes a line titled AUDIT for each creation, deletion, or update of a Policy Group or Rule.
Notes:
- The MailMarshal (SEG) 10 audit information is stored in the Config Service database.
- The SEG 8.X audit information is stored in the product configuration (Registry) and is included in backups.
- The Registry values are created in SEG 7.3 and above. Values stored by earlier versions will display in the Configurator after upgrade to 8.0.3 or above.