Events Load

This tab shows information about the database size and the number of low-level events reported to and processed by Enterprise Inspector. A low-level event is something a process does, such as writing a file, performing a DNS lookup, or creating a registry entry. Enterprise Inspector analyzes low-level events to find suspicious activities and report detections. Low-level events account for most of the database size, so use Event Filters to selectively not store some events and reduce disk usage. The charts on this page help you find the executables that report the most events so that you can possibly filter them out.

Information and functionality available in this section:

Events processed and stored per computer—shows the average number of low-level events received from a computer and stored in the database. The difference between the received and stored values is caused by using Event Filters or by configuring Enterprise Inspector not to store all data. A failed purge can indicate that disk space is running low on the database machine, because the purge process also needs free space to finish successfully.

Database size—shows estimated database size and current free disk space

Events per executable instance—shows the number of events executed per executable instance on a single computer

Events per executable—shows the number of events executed by the executable on all computers within the network

Top executable instances—shows the list of executable instances, sorted by the highest events count on a particular computer

Top executables—shows the list of executables, sorted by the highest events count within the whole network

The option to filter events is available through the Executables tab.

Consider using event filters to reduce disk space usage or to lower the load on the server. The best practice is to:

a. Go to Dashboard->Events load.

b. In the Events per executable instance or the Events per executable window, choose the column with the highest number of events generated.

c. From the list, click the executable that you have analyzed as safe (for example, an operating system executable generating a lot of events).

d. Click the Filter Events button.

e. In Event type, select the event types that generate most of the events.

You can also change the sending frequency so that events are sent less often.

In ESET PROTECT, create a new policy. In Settings, select ESET Enterprise Inspector Agent, and in Interval of sending events to the server (minutes), select the desired interval for sending events (minimum is 5).

Columns

Columns can be reorganized by using the move icon (Columns_Move) that appears on the right side of the column name when you hover the mouse over it.

The width of a column can be resized by using the resize icon (Column_Resize) that appears on the left side of the column name when you hover the mouse over it.

The sort order of a column can be changed by clicking the name of the column:

Default (No icon)

Ascending (Column_Ascending icon)

Descending (Column_Descending icon)

You can change which columns are displayed by clicking the gear icon and selecting the Select column option, or you can reset the view to the default by clicking the Reset columns option. Use Enter quick search pattern to search for a column by typing its name or a couple of letters from it, which is useful if the list of columns is long. For the definitions of the columns, follow here.