TSSUTIL Report Event Counts

Document ID : KB000111439
Last Modified Date : 16/08/2018
Show Technical Document Details
Question:
In the following, INITS+VIOLATIONS+ACCESS does not add up to the SECURITY EVENTS FOUND MATCHING SELECTION CRITERIA count. What can the other events be?
Answer:
The value from the line 'SECURITY EVENTS FOUND' represents the total number of records that have passed the selection criteria and will be included in the EXTRACT or REPORT request, this is an absolute value. The category values for INITS, VIOLATIONS, and ACCESSES were never intended to add up to the value of total events since the do not represent all the record types to be included. They are just to be used as summaries for that category. In fact, the VIOLATION count could include events that are also recorded in both INITS and ACCESSES, so in many cases the count is doubled for those events matching both an INIT / ACCESS and a violation.