Table of Contents
- Introduction
- System Requirements
- Assign Service Logon As Credentials
- Server Configuration
- Agent-Based Monitoring
- Data Providers
- Directory Services
- Audit Work Items
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Script Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- SNMP
- SSH Shell
- Exporting and Importing Configuration Objects
- Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Azure Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Executable Timeline
- Command Line Interface
- Troubleshooting
- Terminology
C# Script Filters
C# Script filters enable you to program your own filters using the C# language. The C# script editor is implemented using Roslyn, an open-source component. The Roslyn editor supports line numbers, color coding and auto-suggest.
| Supported Log Types |
|---|
| Azure AD Audit Log |
| Event Log |
| Syslog |
| Text Log |
| SNMP Trap |
How to configure C# script filters:
- From the Menu Bar select File | New. The Create New Object View displays.
- Select Filter. The New Filter view displays.
- Use the Name text box to specify a unique name.
- From the Type drop-down select the type of object to create the filter for.
- From the Sub type drop-down select C# Script. The C# Script Filter View displays.
- Each function signature includes an interface to the object type (e.g. IGraphAuditLogEntry, IEventLogEntry, ISyslogEntry. ITextLogEntry and ISnmpTrapEntry).
- Use the C# Script editor to program your filter.
-
Use the Compile
button to verify the script compiles without any errors.
Compile errors are displayed at the bottom of the screen and include the line and column numbers each error occurred. All compile errors must be resolved.
Sample C# Script Event Log Filter:
Interface Reference
Azure AD Audit Log Entries
namespace CornerBowl
{
public interface IGraphAuditLogEntry
{
string Log { get; }
DateTime DateTime { get; }
string Status { get; }
string CorrelationId { get; }
string MetaData { get; }
string Message { get; }
string Service { get; }
string Category { get; }
string Activity { get; }
string User { get; }
string IP { get; }
string Application { get; }
string Location { get; }
string RiskType { get; }
string RiskState { get; }
string DetectionTimingType { get; }
string RiskDetail { get; }
string TokenIssuerType { get; }
}
}
Event Log Entries
namespace CornerBowl
{
public interface IEventLogEntry
{
string Log { get; }
EventLogEntryType Level { get; }
string Source { get; }
string Category { get; }
uint EventIdentifier { get; }
int EventId { get; }
string User { get; }
byte[] Data { get; }
ushort CategoryId { get; }
string[] InsertionStrings { get; }
uint RecordNumber { get; }
string Message { get; }
DateTime DateTime { get; }
}
}
Syslog Entries
namespace CornerBowl
{
public interface ISyslogEntry
{
string Log { get; }
Priority Priority { get; }
Facility Facility { get; }
string Application { get; }
string ProcessId { get; }
string MessageId { get; }
string Data { get; }
string Message { get; }
DateTime DateTime { get; }
}
}
Text Log Entries
namespace CornerBowl
{
public interface ITextLogEntry
{
string Log { get; }
string Message { get; }
DateTime DateTime { get; }
}
}
SNMP Traps
namespace CornerBowl
{
public interface ISnmpTrapEntry
{
string TrapOid { get; }
string Oid { get; }
SnmpDataTypes DataType { get; }
string Value { get; }
DateTime DateTime { get; }
}
}