• How to obtain all Windows Event Logs in "English" language?

    We have locations worldwide.

    When I review the logs, I can see some event data is writen in english, some in german, some in russian, some in chinese.

    This makes the process for the analyst very hard and frustrating.

    Is there a way to collect the whole…

  • Intrust Auditing report?

    I run a report for a user that details access for the week for a specific folder on a server.  The user says they get too much information and just want the info. who accessed a file, read it and\or modified it.  There are numerous choices under "select access…

  • Rule expression language - more information


    does anybody have more information about the "REL" language used by Quest for real-Time monitoring or in the repository viewer?

    on the quest websites you do not find much information, so I am stuck with creating own searches in repository…

  • How to implement Sigma Rules for own Repository Queries


    I would like to implement Sigma rules for Intrust. Is there a convertert or is there a implementation already planned?

  • [New] InTrust ETW provider Technical Preview

    We are happy to announce an InTrust add-on that can enable collection of ETW debug traces from windows machines.

    What is ETW traces?

    ETW datasource is capable of automatically enabling and collecting ETW traces into the InTrust repository. In the Technical…

  • New Intrust Setup/configuration

    After enabled many rules in the InTrust Manager.  How can I test to make sure the notification (email) on the rules is actually working so that when a real event occurs I will be notified?

  • Notification Template


    I need some help to build a new notification template.

    The gooal is to receive notification that show if a Task run succesfully or on error.

    What i need to write on the SQL Query field on the Notification Template?

    Thank for help me


  • Intrust Deployment Manager

    Is there a way to export data from the deployment manager through email or saving a local copy of the data?

  • InTrust Knowledge Pack for Azure Technical Preview

    InTrust Knowledge Pack for Azure Technical Preview

    R&D is proud to release a piece of InTrust technology which is currently in the making.

    Cloud IaaS becoming a more prominent part of the everyday life of IT admins nowadays, so we are working on…

  • InTrust script to enumerate laptop or desktop computers by AD Site.

    In our AD forest they have put all desktop and laptop computers from all AD sites in the same OU. All the desktop computer names begin with "D" and all the laptop computer names begin with "L".
    I would like to be able to build separate…
  • Quest InTrust Deployment Manager - status Not installed

    Hi Quest,

    Environment: InTrust Server Windows Server 2012r2


    I use InTrust to collect event logs from Domain Controllers.

    I recently noticed that when checking Deployment Manager that my DCs are listed as 'not Installed'.

  • Audit logon events


    I would like to know if there is a way to use InTrust in order to have reporting for user logon. To my understanding the way to do it is to configure a gather of the security log either on the DCs or the servers and workstations or on all of them…

  • Unable to open repositories with Repository Viewer

    I moved a repository from a nearly full local drive to a large iSCSI volume. After the move, gather jobs still seem to work fine since the repository is growing at the same rate as before. However, I cannot open the repository with Repository Viewer.…

  • Missing Permissions to create default profile for IT Monitoring Console

    I have read all the permissions needed to create the default profile for IT Monitoring Console. The application is installed however, the default profile isn't showing. I am curious to know if I am missing some permissions somewhere as when I try to actually…

  • Deployment Manager: Last Event more than 3 weeks old

    InTrust: version 11.2

    Collection comprised of only Domain controllers.


    Collecting status is green, however, the Last Event collected is more than 3 weeks old for each Domain Controller. I opened repository Viewer and ran a query. Most current events…

  • Intrust 11.3 repo viewer crashes when clicking on custom searches

    I am reaching out to see if there is a solution to repo viewer crashing when trying to use a custom search. I am getting Event ID 1026 and 1000. I see there was an issue with this with 2003 servers, but I am running 2012 R2 and I am not able to uninstall…

  • Repository Viewer connection issue

    How do I connect to the Repository Viewer from my Desktop?  When I connect from the server it works but from my workstation I get the following error:  "Could not open repository <my repository name here>.  Error Details: A security package specific…

  • How to perform InTrust Server Rollback when the Production InTrust Server back online

    "InTrust server is down" rule will failover to the Standby InTrust server in the same InTrust Organization.

    How to perform InTrust Server Rollback when the Production InTrust Server back online?

    As per Quest Support KB Article, there is a rollback…

  • Gather Change Auditor events

    Hello all,

    I would like to ask if someone can provide a very high level bullets style guide with all the necessary steps on how i can gather and report events from CA. For example:

    • Install InTrust agent at CA server
    • From the InTrust manager go to Sites…
  • InTrust Manager - Repositories access denied


    I have this error and I can't solve it:

    Indexing of long-term items for repository "XXX" failed. Reason: Operation failed on agent localhost. Reason: 'Access is denied.  (Win32 error: 5)'.

    Someone can help me please?
  • Deployment Manager Collection is empty



    Just by luck, I decided to control my Deployment Manager collection to make sure it was collecting events form my Domain Controllers. To my surprise, the Collection was empty! Wow !!!!! 

    I opened InTrust Manager and found the following…

  • ANNOUNCMENT: We are now on Twitter!!! Contact a Technical Support expert today.

    Do you have a quick support question and short of time ? Contact us Via Twitter  @QuestExperts and we will take care of you. #Jointheinnovation #WeareQuest

  • Top 5 Knowledge Base Articles:

  • How to get the most out of this forum –best practices for what information to include:

    The better a problem is described, the better the assistance tends to be.

    In order to better assist with your issue at hand, please include the following information in your initial post:


    • Product, Version, and relevant environment details.
    • Include a…
  • Welcome to the InTrust Forum

    You're at the new InTrust Community Forum! Got a question or a thought to share with others? Post it here! And if you have a question on the old site that we haven't answered, post it again here. We’re working on bringing threads over from our old site…