System Configuration
Remote Security Rules
Event Sources
1 min
the first thing you see is the list of event sources (or event generators) for the selected role's rule set this list is primarily used for the definition of blacklisted applications associated with process monitoring unless otherwise guided to do so, you can leave this list alone see event sources docid\ m7mjn8sylcnypukjurckb for more details if needed source description / generated events clipboardmonitor monitors for agent pressing ctrl c (copy) or printscreen generated event(s) blacklistedkeystrokedetected displaydetect monitors for external displays being attached to the agent's system generated event(s) externalmonitordetected eventanalytics this source supports desktop process analytics monitorprocesses monitors for processes configured for blacklisting by agent state "na" state = prior to the agent being logged in / authenticated "all" state = once the agent is logged in / authenticated) generated event(s) unauthorizedprocessdetected networkdetect monitors for network connection / disconnection on the agent's machine generated event(s) networkconnectiondetected networkdisconnectiondetected printerjobs monitors for printing jobs to be queued on the agent's machine generated event(s) unauthorizedprintingdetected screenblocker this source supports the event actions blackout, releaseblackout, and lockscreen storagedetect monitors for external storage to be connected to the agent's machine generated event(s) removabledrivedetected tcie for future use