How to configure Business Hour Settings

Objective  

Business Hour Settings in EventLog Analyzer help organizations define their standard working hours within the application. This feature allows users to filter and analyze event logs based on business or non-business hours, facilitating better incident detection and operational analysis. By focusing on critical events that occur outside standard hours, businesses can improve threat detection, automate alerts, and streamline their auditing processes. This document provides step-by-step instructions on how to configure Business Hour Settings in EventLog Analyzer. 

Prerequisites   

Ensure you have logged in to the EventLog Analyzer console as the default built-in admin. If you are using two working hour ranges, ensure they do not overlap. To create two different working hour ranges, confirm your organization's specifics and add two entries as described in the steps below.
 
Note: If two working hour ranges with overlapping hours are configured, EventLog Analyzer will set the working hours to be the entire range, from the least to the highest value. For example, if the configured time ranges are 8 to 12 and 5 to 11, EventLog Analyzer's working hours will be set as 5 to 12.

Steps to follow   

Step 1: Log in to EventLog Analyzer with administrative privileges.
Step 2: Navigate to Settings > Admin Settings. Under General, click Working Hour Settings.
Step 3: Configure the following:
  • Configure your organization's working hours by selecting appropriate From and To values.
  • To configure multiple time ranges, click the + icon and select the next working hour range.
  • Once the necessary working hours have been selected, click Save.
 

Once enabled, these settings can be leveraged across searches, reports, and alert profiles to segregate business-hour versus non-business-hour events.
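
The overlap rule from the note in the prerequisites and the business-hour versus non-business-hour split, as an added Python illustration that is not EventLog Analyzer code. It assumes whole hours on a 24-hour clock with From inclusive and To exclusive; the function names and sample events are constructed for the example.

```python
from datetime import datetime

def effective_ranges(ranges):
    """Collapse overlapping (from_hour, to_hour) pairs into the span from the
    lowest From to the highest To, as the note on overlapping ranges describes."""
    merged = []
    for start, end in sorted(ranges):
        if not 0 <= start < end <= 24:
            raise ValueError(f"invalid range: {start} to {end}")
        if merged and start < merged[-1][1]:      # overlaps the previous range
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def overlapping_pairs(ranges):
    """Return the pairs of planned ranges that overlap, for review before saving."""
    ordered = sorted(ranges)
    return [(a, b) for i, a in enumerate(ordered)
            for b in ordered[i + 1:] if b[0] < a[1]]

def is_business_hour(ts, ranges):
    """Assumption: From is inclusive and To is exclusive, on whole hours."""
    return any(start <= ts.hour < end for start, end in effective_ranges(ranges))

def non_business_events(events, ranges):
    """Keep only the events whose timestamp falls outside the working hours."""
    return [e for e in events if not is_business_hour(e["time"], ranges)]

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"time": datetime(2024, 3, 4, 4, 30), "user": "svc-backup", "host": "DC01"},
    {"time": datetime(2024, 3, 4, 6, 15), "user": "jdoe", "host": "DC01"},
    {"time": datetime(2024, 3, 4, 13, 5), "user": "asmith", "host": "DC01"},
]

if __name__ == "__main__":
    planned = [(8, 12), (5, 11)]                  # the ranges used in the note
    print("overlapping entries:", overlapping_pairs(planned))
    print("effective working hours:", effective_ranges(planned))
    for e in non_business_events(SAMPLE_EVENTS, planned):
        print("outside business hours:", e["time"], e["user"], e["host"])
```

Running the overlap check on planned ranges before entering them shows whether the saved working hours would be wider than intended, which would hide early-morning events such as the 06:15 logon from a non-business-hours filter.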

Tips

  • You can configure a working hours filter to automatically trigger alerts and follow-up workflows. For example, if someone accesses a Domain Controller outside of business hours, you could automatically disable their account and notify the security team.
  • When investigating specific security incidents, either via prebuilt reports or via ad-hoc searches, you can apply the same business-hours filter to highlight any events that occurred outside of regular business times.
