I am in need of some suggestions. I know there is a way for an executable or batch file to run when a single alert event happens, under the notification conditions area of SEPM, but I would like to find a way to generate additional information.
This is what I would like it to do.
When an alert is triggered, SEP, or some other application, grabs all the information that is needed to generate a report as to what the user was doing. For example, key-logging and IE history. We have had issues in the past where users who, let's say, weren't doing their job have completely denied any wrongdoing while visiting sites that perhaps they shouldn't be visiting. They dump their cache and other things.
I know there are packet and traffic logs available, but most of the time they are useless, especially if 24 hours or more have passed.