Windows: Alerts on uninstalled S-TAPs
Uninstalling an S-TAP® might be evidence of harmful activity. The predefined S-TAP Uninstall Alert notifies when an S-TAP is uninstalled. You can view the S-TAP Uninstall Events report in My Dashboards.
By default the alert is scheduled hourly. View and optionally configure the Alert Receivers in the Alert Builder.
Tip: Best practice is to leave the alert settings at their defaults. If you need to change the configuration, run the CLI command restart gui so that the changes take effect.
The alert writes to SYSLOG in the format: Alert Name: STAP Uninstall Alert. Alert Description: STAP Uninstall Alert... ...<S-TAP host>. The S-TAP host uniquely identifies the S-TAP. It is usually the database IP.
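On the system that receives the SYSLOG messages, these alerts can be matched and counted per S-TAP host. The following is an added example, not IBM code: it assumes the host is the last token of the message, and the syslog header, filler text and host values in the sample lines are constructed.

```python
import re
from collections import Counter

MARKER = "Alert Name: STAP Uninstall Alert"  # wording given on the page
DESC = "STAP Uninstall Alert"                # description wording given on the page
# Assumption: a host is an IP address or DNS name made of these characters.
HOST_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.:_-]*$")

# Constructed sample input. The syslog header, "[elided]" filler and hosts are
# invented for this example; only the alert wording comes from the page.
HDR = "Mar  3 10:00:01 collector app: "
SAMPLE = [
    HDR + "Alert Name: STAP Uninstall Alert. Alert Description: "
          "STAP Uninstall Alert [elided] 192.0.2.10.",
    HDR + "Alert Name: Some Other Alert. Alert Description: [elided] 192.0.2.11.",
    HDR + "Alert Name: STAP Uninstall Alert. Alert Description: "
          "STAP Uninstall Alert [elided] 192.0.2.10.",
    HDR + "Alert Name: STAP Uninstall Alert. Alert Description: "
          "STAP Uninstall Alert [elided] db07.example.test",
    HDR + "Alert Name: STAP Uninstall Alert. Alert Description: "
          "STAP Uninstall Alert.",  # truncated message, no host
]


def parse_alert(line):
    """Return the S-TAP host of an uninstall alert line, "unknown" if the
    host cannot be read, or None if the line is not an uninstall alert."""
    pos = line.find(MARKER)
    if pos < 0:
        return None
    _, _, rest = line[pos + len(MARKER):].partition("Alert Description:")
    rest = rest.strip()
    if rest.startswith(DESC):
        rest = rest[len(DESC):]
    tokens = rest.split()
    # Assumption: the host is the final token; drop the closing period.
    host = tokens[-1].rstrip(".") if tokens else ""
    return host if HOST_OK.match(host) else "unknown"


def uninstalled_hosts(lines):
    """Count uninstall alerts per S-TAP host across syslog lines."""
    return Counter(h for h in map(parse_alert, lines) if h is not None)


if __name__ == "__main__":
    for host, n in uninstalled_hosts(SAMPLE).most_common():
        print(f"{host}\t{n} uninstall alert(s)")
```

Alerts counted under "unknown" should be reviewed by hand, since the message was truncated or did not end in a readable host.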