
On Demand Audit Current - User Guide


Working with critical activity

The Critical Activity page displays a full list of security-related activity, including anomaly detection for unusual spikes in activity, that may indicate a threat to your organization.

By default, the activity is displayed based on priority from high to low. You can sort and filter the list based on priority, critical activity, and event count, and you can hide or remove specific events from the display.

From this page, you can see tailored visualizations and metrics that give more context about the activity and its related search, along with a high-level overview of the item.

This information helps determine whether the activity is expected behavior or an actual issue. Anomaly detection gives you further insight into configuration issues that could impact user experience and service availability, and helps identify compromised devices or malicious activity.

NOTE:

  • Any detected anomalies include an exclamation point in the icon.
  • As events are analyzed and the baselines are updated, the data in the charts will update accordingly. Because of this, some items may disappear from the critical activity pane if they are no longer included in the activity spike.
  • Anomaly detection depends on the user's time zone. As a result, users within the same organization may see a different set of anomalies.
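
The time zone note above, illustrated with an added example that is not Quest's code: this guide does not describe how On Demand Audit computes its baseline, so the per-day bucketing and the "more than 3x the mean of earlier days" rule below are assumptions, and the events are constructed. It shows the same UTC events producing a spike for one viewer and none for another.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import mean

UTC = timezone.utc
UTC_MINUS_5 = timezone(timedelta(hours=-5))  # second viewer, fixed offset

def sample_events():
    """Constructed data: 5 events at noon UTC on 1-5 March, plus a
    16-event burst that straddles midnight UTC on 4/5 March."""
    events = [datetime(2024, 3, d, 12, m, tzinfo=UTC)
              for d in range(1, 6) for m in range(5)]
    events += [datetime(2024, 3, 4, 23, m, tzinfo=UTC) for m in range(8)]
    events += [datetime(2024, 3, 5, 1, m, tzinfo=UTC) for m in range(8)]
    return events

def daily_counts(events_utc, tz):
    """Count events per calendar day as seen in the viewer's time zone."""
    return Counter(ts.astimezone(tz).date() for ts in events_utc)

def spikes(counts, factor=3.0):
    """Assumed rule: flag a day whose count exceeds `factor` times the
    mean of all earlier days (the baseline)."""
    days = sorted(counts)
    flagged = []
    for i, day in enumerate(days[1:], start=1):
        baseline = mean(counts[d] for d in days[:i])
        if counts[day] > factor * baseline:
            flagged.append(day)
    return flagged

def flagged_days(tz):
    """ISO dates flagged as anomalous for a viewer in time zone `tz`."""
    return [d.isoformat() for d in spikes(daily_counts(sample_events(), tz))]

if __name__ == "__main__":
    # UTC viewer: the burst is split 8/8 across two days, so neither day
    # (13 events each) clears 3x the baseline of 5.
    print("UTC   :", flagged_days(UTC))
    # UTC-5 viewer: the whole burst lands on 4 March local time
    # (21 events), which clears the threshold.
    print("UTC-5 :", flagged_days(UTC_MINUS_5))
```

When two analysts compare the Critical Activity list, agreeing on a reference time zone first avoids chasing a discrepancy that is only a bucketing effect.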

To view critical activity and configure the display:

  1. Select Critical Activity, and click the activity of interest. When you select an activity, a chart displays information by percentage of user, target, or activity. For unusual spikes in activity, the resulting chart displays the baseline (predicted value), anomalies (unusual increase), and total amounts of activity.
  2. Click on any section of the chart for specific search details, or select View All Events to see all related searches.
  3. If required, select Dismiss Activity to remove the reported results until the next activity is detected, or select to hide future occurrences of this event.
  4. If you have hidden any events and want them added back to the display, select Edit Hidden Items, click the events that you want added back to the view, select Remove Selected Items, and then select Save.
  5. To filter the list of critical events, select Filter, and choose whether to filter on priority (High, Medium, Low), specific critical activity, or number of events.

Working with searches

Working with private and shared searches

When you create a search, you have the option of selecting whether it will be private or shared.

  • Private searches are only visible to the individual who created them.
  • Shared searches are visible to all On Demand Audit users and allow for collaboration with multiple users from the same organization.

NOTE:

  • The ability to set the search type as private or shared depends on your assigned access role within On Demand Audit. For details, see On Demand Audit Access Control roles.
  • Private search names must be unique among all categories for each user.
  • Shared search names must be unique among all shared searches in all categories in the organization.
  • All private searches (as well as searches under the My Searches category) are listed under the All Private Searches category.
  • Shared searches include an information icon that allows you to see when they were created, last saved, and by whom.

See Creating a custom search, Creating a search from an existing search, and Modifying a search.

Running a search

Once On Demand Audit captures an event, you can view all available event data through searches. You can use custom searches based on your own criteria or built in searches that are configured to meet the most common requests. See Creating a custom search and Using built in searches.

NOTE: Custom user-built searches are identified by the following icon to the left of the search.

To run a previously saved or built in search:

  1. Select the Searches tab.
  2. Locate the required search in the list of categories.
  3. To run the search, simply click it or highlight it and click the run (arrow) icon.
From here you can: