By default, unless one or more users are specified in the People Picker, all SharePoint users are included in the ControlPoint Audit Log analysis.
ControlPoint Application Administrators can, however, exclude certain users from these analyses by entering the user account name(s) as the Value for the ControlPoint Configuration Setting Users to Exclude from Audit Log Analyses (ExcludedUsersAudit). Enter multiple account names as a comma-separated list.
You may, for example, want to exclude common system accounts such as SharePoint\System.
NOTE: You must exclude users based on full account names (sometimes known as pre-Windows 2000 account names in Active Directory), not display names. For example, you cannot exclude system accounts by entering the display name System Account.
Note that you can still run Audit Log analyses on excluded users if you enter them in the People Picker.
NOTE: Users can be excluded from permissions and activity analyses via the ControlPoint Configuration Setting Users to Exclude from Reports (EXCLUDEDUSERS).
By default, ControlPoint Audit Log analysis results include the name of the site on which audited activity occurred. The process required for ControlPoint to collect this information is time-consuming and may affect performance, especially if the scope of the analysis is large.
ControlPoint Application Administrators can, however, prevent this process from being carried out by changing the ControlPoint Configuration Setting PROCESSAUDITNAMES from True to False.
Note that if PROCESSAUDITNAMES is set to False, you can use the URL to identify the site where audited activity occurred.
The following ControlPoint Sentinel Anomalous Activity Detection settings display under the category Audit Log.
· Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
· Changing the Subject and/or Body of Anomalous Activity Detection Emails
As part of preparing your environment for using ControlPoint Sentinel, Anomalous Activity Detection must be enabled to run:
· via the ControlPoint Anomalous Activity Detection job in Central Administration
OR
· as part of the ControlPoint Scheduled Job Review, by changing the ControlPoint Setting Enable Options That Require Anomalous Activity Detection from False to True.
NOTE: This is an Advanced Setting in the Audit Log category.
See also "Preparing Your Environment for Using ControlPoint Sentinel" in the ControlPoint User Guide.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED.