If you want to export events that occurred in a specific managed application installed on the managed devices, mark the events for export in the application policy. In this case, the marked events are exported from all of the devices included in the policy scope.
To mark events for export for a specific managed application:
The policy settings window opens.
You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.
The marked events from the managed application are ready to be exported to a SIEM system.
You can mark which events to export to a SIEM system for a specific managed device. If previously exported events were marked in an application policy, you will not be able to redefine the marked events for a managed device.
To mark events for export for a managed device:
The list of managed devices is displayed.
The properties window of the selected device is displayed.
Also, you can mark an event for export to a SIEM system in the Event registration section, that opens by clicking the link of the event.
From now on, Administration Server sends the marked events to the SIEM system if export to the SIEM system is configured.