New Intrust Setup/configuration

After enabled many rules in the InTrust Manager.  How can I test to make sure the notification (email) on the rules is actually working so that when a real event occurs I will be notified?

  • Hi dbarman,

    I don't see any other way than producing the necessary events on the target machine. All other actions like for example simplify the rule temporarily, won't reassure you the original one is working...

  • So how do I know if the software is working properly.  Doesn't there exist a test or diagnostic in the software to confirm this?

  • Version 11.4 introduced a new feature Self-Auditing Capabilities for InTrust Server and InTrust Agent. There are Real-Time Monitoring-related agent-side events like 4114 "Monitoring rule added to agent" and 4117 "Monitoring rule activated on agent". In addition, version 11.4.1 introduced the Logging of Real-Time Monitoring Rule Matches and Alerts: "Event Log Recipient is a new type of notification recipient (formerly, operator) that makes it possible to use Windows event log as the notification destination. If this recipient is specified for a real-time monitoring rule, then InTrust generates an event about how the rule was matched and includes alert data. These events are written to the InTrust log." Hope these two are what you are looking for. But again, in my opinion the best way to check the rule's 100% functioning is to produce the alert-triggering event intentionally.