locked
EMET Enterprise Reporting RRS feed

  • Question

  • Hello everyone,

    I am just wondering what you are doing for EMET Enterprise reporting? I work on a university with about 2K machines and we are entertaining the idea of using EMET's audit feature to monitor machines for active exploits. We are aware of the option to set up event forwarding to a collection machine but wondered if other options were out there that I hadn't found yet.

    If you have any other suggestions please let me know as the event forwarding is not an ideal solution for us at the moment.

    Thanks!

    -Justin

    Wednesday, November 11, 2015 4:16 PM

All replies

  • I agree that event forwarding is not ideal.  

    If anyone has suggestions/ideas regarding other possibilities, please share.  Any input is welcome.

    Thanks-

    Wednesday, November 18, 2015 5:04 PM
  • I use an event triggered task that sends an email to Service Desk team in case of mitigation. The EMET documentation shows the events EMET creates in the application log.
    Thursday, December 17, 2015 10:02 AM