Compliance Event Manager is being used to write to the console when commands from a certain list of TSS administrative commands are issued.
An event was created and all the TSS commands to be tracked were entered, with AND used for each command. The event was added to an active policy set.
However, none of the TSS commands entered causes an alert to be triggered or the command to be written to the console.
Release : 6.0
Component : COMPLIANCE EVENT MANAGER
Use OR instead of AND as the boolean operator when entering the list of commands to be alerted on.
With AND, the condition is true only if all the TSS administrative commands added to the event are entered at once.
No one will ever issue all of the TSS administrative commands at once.
With OR, only one command in the TSS administrative command list needs to be issued for the condition to be true.