Chat now with support
Chat mit Support

Change Auditor 7.4 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

Create custom searches

You can create custom search definitions to audit the configuration changes that need to be tracked in your environment. You will use the Search Properties tabs, located across the bottom of the Searches page, to define new custom searches or edit existing search definitions.

Selecting the Private folder will create a search that only you can run and view; whereas selecting the Shared folder will create a search definition which can be run and viewed by all Change Auditor users.
3
Click New Search at the top of the Searches page to activate the Search Properties tabs.

Name your search

3
Optionally select Show as Widget check box

Search for events generated by a specific user, computer or group.

By default, Change Auditor searches for events generated by all users, computers and groups.

1
Click Add to display Add Users, Computers, or Groups dialog.
2
On Select User tab, use Browse or Search page to locate and select the user, computer or group
3
Click Add to add criteria to selection list
4
Click OK to save selection and close dialog
NOTE: Use the Add Wildcard tab to specify a wildcard expression to search for users or groups.
NOTE: Use the Add With Events tab to select a user, computer or group that already has an event associated with it in the database.

Search for events based on subsystem, event class, object class, severity or result.

By default, all entities are included in a new search definition.

1
Expand Add and select an option from the drop-down menu
Event Class - Add Facilities or Event Classes dialog
Object Class - Add Object Classes dialog
Severity - Add Severities dialog
Result - Add Results dialog
Active Directory - Add Active Directory Container dialog
Azure Active Directory - Add Azure Active Directory dialog.
AD Query - Add Active Directory Container dialog
ADAM (AD LDS) - Add ADAM (AD LDS) Container dialog
Exchange - Add Exchange Container dialog
Office 365 Exchange Online - Office 365 Exchange Online dialog
File System - Add File System Path dialog
Group Policy - Add Group Policy Container dialog
Local Account - Add Local Account dialog
Logon Activity - Add Logons dialog
Registry - Add Registry Key dialog
Service - Add Service dialog
SharePoint - Add SharePoint Path dialog
SQL - Add SQL Instance dialog
SQL Data Level - Add SQL Data Level object
3
Click Add to add criteria to selection list
4
Click OK to save selection and close dialog
NOTE: Use the Add With Events tab (instead of the Add tab) on these dialogs to select from a list of objects that already have an event associated with it in the database.

Search for events captured by a specific agent or within a specific domain or site.

By default, all agents will be included in a new search.

1
Click Add to display the Add Agents, Domains, Sites dialog
2
On the Select Object tab, use the Browse or Search page to locate and select an agent, domain or site
3
Click Add to add criteria to selection list
4
Click OK to save selection and close dialog
NOTE: Use the Add Agents tab to select an agent from a list.
NOTE: Use the Add Wildcard tab to specify a wildcard expression to search for domains, sites or agents.
NOTE: Use the Add With Events tab to select agents, domains or sites that already have an event associated with it in the database.

Search for events that occurred during a specific date/time range.

By default, new searches will include the events captured this week.

Search for events originating from a specific workstation or server.

By default, Change Auditor searches for all events regardless of where they originated.

1
Click Add to display the Add Origin dialog.
2
On the Add Wilcard tab, enter a wildcard expression to search for a workstation or server.
3
Click Add to add criteria to selection list
4
Click OK to save selection and close dialog
NOTE: Use the Add With Events tab to select an originating workstation/server that already has an event associated with it in the database.
Save: Saves the search definition without running it.
Save As: Allows you to save the search definition to a different location within the folder hierarchy or using a different name.
Run: Saves and runs the search. A new Search Results page will be added to the web client populated with the events that met the search criteria defined.

Search Properties tabs

Use the Search Properties tabs to view or define search criteria. The following sections provide a description of the fields/controls on each tab:

Info tab: Allows you to enter a name and description for the search.
Who Tab: Allows you to search for events generated by a specific user, computer or group.
What tab: Allows you to search for events based on subsystem, event class, object class, severity or result.
Where tab: Allows you to search for events captured by a specific agent, domain or site.
When tab: Allows you to search for events that occurred within a specific date/time range.
Origin tab: Allows you to search for events that originated from a specific workstation or server.
Alert tab: Allows you to enable alerts for this query and define how and where to dispatch alerts.
Report tab: Allows you to enable reporting for this query and define the report recipients.
Layout tab - Allows you to define the data (columns) to be retrieved from the database and the sort order for displaying the retrieved data.

In addition, the following tabs can be displayed by selecting the appropriate check box on the Searches tab of the Client Settings dialog:

SQL tab - Displays the SQL script used to create the selected search definition.
XML tab - Displays the XML representation of the search criteria.

Info tab

Use the Info tab to view or enter the name and description of a search definition. In addition, you can specify to add this search definition as a widget on the Overview page (Custom Views mode) or a Shared Overview.

Who Tab

Use the Who tab to view or define the users, computers and/or groups to be included in (or excluded from) the search definition. When multiple ‘who’ criteria is specified on this tab, Change Auditor uses the ‘OR’ operator to evaluate events, returning events for activity performed by any of the users, computers or groups listed.

The Who tab contains the following information/controls:

Select this check box to prompt for the ‘who’ criteria when this search is executed. That is, when you select Run, the Add Users, Computers, or Groups dialog is displayed allowing you to locate and select the users, computers, or groups to search.
NOTE: When this check box is checked, the Add tool bar button will be deactivated.
If you are running Active Roles Server or GPOADmin and want to include events generated by Active Roles or GPOADmin in the search, select this check box. Selecting this check box instructs Change Auditor to retrieve all events made by the specified user account, including those initiated by Active Roles and GPOADmin.
For more information, see the Active Roles Server Integration and GPOADmin Integration appendices in the Change Auditor Installation Guide.

Clicking Add on the Who tab displays the Add Users, Computers, or Groups dialog allowing you to select the user, computer or group to be included in a custom search. Use the tabbed pages on this dialog as described below.

Select User

2
Click Add to add criteria to the selection list

Add Wildcard

4
Click Add to add criteria to the selection list.
5
Click OK to save your selections and close the dialog

Add With Events

2
Click Add button to add criteria to the selection list.
3
Click OK to save your selections and close the dialog.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen