THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT v8.0 and later
DISCUSSION
The following Advanced Properties enable EFT to skip auditing specific items:
- AuditBannedSocketConnections - Skip auditing of banned socket connections. Default = true.
- AuditFailedAuthforNonExistingUsernames - Skip auditing of all invalid username authentication attempts. Set to False by default.
- AuditFailedAuthforUsernameRoot - Skip auditing of ‘root’ and ‘administrator’ invalid username authentication attempts. Set to False by default.
- AuditFailedSocketConnectionsOther - Skip auditing of other failed socket connections. Set to True by default.
- AuditIgnoreFailedAuthforNonExistingUsernames - Skip auditing of usernames that are not a user in EFT. (introduced in EFT Arcus in v7.4.14)
- AuditIsInternal - Skip auditing of non-CRUD (IsInternal) transactions. Set to False by default.
- AuditIsRESTAdmin - Skip auditing of Administrative REST calls. Set to False by default.
- AuditIsRESTRAMAgent - Skip auditing of RAM REST calls. Set to False by default.
- AuditIsRESTUSER - Skip auditing of user-initiated REST calls. Set to False by default.
- AuditIsRESTWorkspacesInternal - Skip auditing of Workspaces config REST calls. Set to False by default.
- AuditIUnimportantCommands - Skip auditing of unimportant (non CRUD) operations. Set to FALSE by default.
- AuditRedundantUserAndPass - Skip auditing of username and password for S/FTP/S events. Set to TRUE by default.
- AuditRESTWorkspaces - Skip auditing of Workspaces REST calls. Set to False by default.
- AuditSuccessSocketConnections - Skip auditing of successful socket connections. Set to False by default.
To enable these advanced properties
- Add the applicable name:value pair to the AdvancedProperties.JSON file. You can add multiple name:value pairs. For example:
{
"AuditFailedAuthforNonExistingUsernames":false
"AuditRedundantUserAndPass":false
"AuditSuccessSocketConnections":false
}