
On Demand Audit Current - User Guide


Using built in searches

On Demand Audit provides predefined searches which allow you to quickly retrieve valuable configuration change information from various perspectives. These are shared searches.

Although built in searches cannot be modified, you can create a new search based on one and customize its settings to suit your needs. See Creating a search from an existing search.

The following built in searches are available:

To run a built in search

  1. Select the Searches tab.
  2. Locate the search in the required category.
  3. Highlight the search and click the arrow icon to run it.
From here you can:

Active Directory Built in searches

If you have a Change Auditor installation registered with On Demand Audit, you will have access to the following Active Directory built-in searches:

  • AD all account lockout events in the past 7 days
  • AD all attribute changes in the past 7 days
  • AD all computer events in the past 7 days
  • AD all domain controller events in the past 7 days
  • AD all events in the past 24 hours
  • AD all events in the past 7 days
  • AD all events including ActiveRoles/GPOADmin initiator in the past 7 days
  • AD all forest configuration events in the past 7 days
  • AD all inheritance settings changed events in the past 30 days
  • AD all objects deleted in the past 7 days
  • AD all OU events in the past 7 days
  • AD all replication events in the past 7 days
  • AD all schema configuration events in the past 7 days
  • AD all security changes in the last 30 days
  • AD all site events in the past 7 days
  • AD all user events in the past 7 days
  • AD computers added in the past 30 days
  • AD computers disabled in the past 30 days
  • AD computers enabled in the past 30 days
  • AD computers moved in the past 30 days
  • AD computers removed in the past 30 days
  • AD computers renamed in the past 30 days
  • AD critical group membership changes in the past 30 days
  • AD group added in the past 30 days
  • AD group deleted in the past 30 days
  • AD group member added changes in the past 30 days
  • AD group member removed changes in the past 30 days
  • AD group moved in the past 30 days
  • AD group nested member added changes in the past 30 days
  • AD group nested member removed changes in the past 30 days
  • AD group renamed in the past 30 days
  • AD users added in the past 30 days
  • AD users added to group in the past 30 days
  • AD users deleted in the past 30 days
  • AD users disabled in the past 30 days
  • AD users enabled in the past 30 days
  • AD users locked out in the past 30 days
  • AD users moved in the past 30 days
  • AD users removed from group in the past 30 days
  • AD users renamed in the past 30 days
  • AD users unlocked in the past 30 days

See Change Auditor Integration for details on adding on-premises event data to your On Demand Audit deployment.

Active Directory Federation Services built in searches

On Demand Audit provides the following Active Directory Federation Services built-in searches:

  • AD FS All claims provider trust events in the past 30 days
  • AD FS All relying party trust events in the past 30 days
  • AD FS All endpoint events in the past 30 days
  • AD FS All authentication method changes in the past 30 days
  • AD FS All server farm events in the past 30 days
  • AD FS Authentication method registered and unregistered events in the past 30 days

Anomaly Activity built in searches

On Demand Audit provides the following anomaly activity built in searches:

  • Unusual increase in tenant sign-in failure events in the past 30 days
  • Unusual increase in AD account lockout events in the past 30 days
  • Unusual increase in successful tenant sign-in events in the past 30 days
  • Unusual increase in failed AD change events in the past 30 days
  • Unusual increase in permission changes to AD object events in the past 30 days
  • Unusual increase in files shared from OneDrive and SharePoint events in the past 30 days
  • Unusual increase in Office 365 activity by guest user events in the past 30 days
  • Unusual increase in Office 365 activity by anonymous user events in the past 30
  • Unusual increase in Teams guest participant events in the past 30 days
  • All anomaly detected events in past 30 days