Converse agora com nosso suporte
Chat com o suporte

Change Auditor 7.1.1 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

What tab

Use the What tab to define 'what' entities are to be included (or excluded) in the search. More specifically, using this tab you can create a search for events based on:
Event Class
Object Class
Severity
Result
Subsystem (such as Active Directory, Exchange, Group Policy, and SQL)

When criteria is specified on the What tab, Change Auditor will retrieve only those events that match the criteria listed on the What tab. When multiple ‘what’ criteria is specified on this tab, Change Auditor uses the ‘AND’ operator to evaluate an event and returns only those events that meet all the specified criteria. However, when multiple subsystems (for example, Active Directory, ADAM and Exchange) are specified, Change Auditor uses the ‘OR’ operator to evaluate these entities, returning events that meet any of the specified subsystem criteria. This also applies when multiple event classes are specified. That is, when multiple event classes are specified, Change Auditor uses the ‘OR’ operator and returns any of the specified events.

By default, all events will be included in a new search definition and therefore the list box on the What tab will be empty. Once criteria is added, the list box contains an expandable view displaying the criteria defined for the search definition.

* 
NOTE: Click the expansion box to the left of the What field to expand this view and display additional details, which are dependent on the type of entity.
Add dialogs

To add an entity to the What list, expand the Add command and select the appropriate option. On the dialog that appears, specify the ‘what’ criteria for your search. The following table provides a list of the Add command options available with a brief description, the dialog that is displayed and the criteria that can be specified on each of these dialogs.

* 
NOTE: The different Change Auditor auditing modules must be licensed in order to capture and retrieve their associated events. See the License Required column in the table below to see the Change Auditor license required.
 
Table 11. What tab: Add command options/dialogs
Add command option
License required
Description, dialog and criteria

Event Class

Any

Select to search for events based on the event class or facility to which they belong.

Add Facilities or Event Classes dialog:

1
Select an event class from the list.
2
Click Add and select one of the following options:
Add This Event
Add All Events in Facility
3
If ‘Add Restrictions’ appears in the Restriction cell, optionally, click in the cell to add restrictions pertaining to that event class.
4
Click OK to save selection and close dialog.
NOTE: Use Add With Events to limit the list to events that already have an event in the database.

Object Class

Change Auditor for Active Directory

Select to search for changes to specific object classes (classSchema objects).

Add Object Classes dialog:

1
Select an object class from the list.
2
Click Add.
3
Click OK to save selection and close dialog.
NOTE: Use Add With Events to limit the list to object classes that already have an event in the database.

Severity

Any

Select to search for events based on the severity assigned.

Add Severities dialog:

1
Select a severity from the list.
2
Click Add.
3
Click OK to save selection and close dialog.
NOTE: Use Add With Events to limit the list to severities that already have an event associated with it in the database.

Result

Any

Select to search for events based on the results of the operation mentioned in the event.

Add Results dialog:

1
Select a result from the list.
2
Click Add.
3
Click OK to save selection and close dialog.
NOTE: Use Add With Events to select from a list of results that already have an event associated with it in the database.

Active Directory

Change Auditor for Active Directory

Select to search for changes to objects in selected Active Directory containers.

Add Active Directory Container dialog:

1
Use the Browse or Search page to locate and select an Active Directory container.
You can also select Import Objects to import a .csv file of a list of directory objects. Using this list, you can search for an exact object name or use a wildcard.
The first row of the .csv file must be column names and the first column must be NAME.
2
Click Add to add to selection list.
3
Click in Scope cell to change the scope of the search.
4
Click in Actions cell to change setting. All Actions is selected by default, meaning all activity associated with the object will generate an event.
To select individual actions, you must first clear the All Actions check box.
5
Click in Transports cell to change setting. All Transports is selected by default, meaning all AD query operations regardless of the transport protocol used will be included in the search.
To select individual transports, you must first clear the All Transports check box.
6
Click OK to save selections and close dialog.
NOTE: Use Add Wildcard to specify a wildcard expression to search for Active Directory objects.
NOTE: Use Add With Events to select from a list of Active Directory containers that already have an event associated with it in the database.
NOTE: Use Add Enterprise to add the enterprise to the selection list. When this option is selected, all other containers in the selection list are ignored (appear in red). Also, the scope setting cannot be changed.

AD Query

Change Auditor for Active Directory Queries

ChangeAuditor for LDAP (v 5.x)

Select to search for a specific Active Directory query that was performed against a specified Active Directory object.

Add Active Directory Container dialog:

1
Use the Browse or Search page to locate and select an Active Directory container.
2
Click Add to add to selection list.
3
Click in Scope cell to change the scope of the search.
4
Click in Filter cell to search for an LDAP filter string used in an Active Directory query.
5
Click in Attributes cell to search for attributes that are being queried.
6
Click in Results cell to search for queries that return a specific number of results.
7
Click in Elapsed cell to search for queries that take a specific amount of time to complete.
8
Click in Transports cell to change setting. All Transports is selected by default, meaning all Active Directory queries regardless of the transport protocol used will be included in the search.
To select individual transports, you must first clear the All Transports check box.
9
Click OK to save selections and close dialog.
NOTE: Use Add With Events to select from a list of objects that already have an event in the database.
NOTE: Use Add Enterprise to search the entire enterprise. When this option is selected, all other objects in the selection list are ignored (appear in red). Also, the scope, filter, attributes, results and elapsed settings cannot be changed.

ADAM (AD LDS)

Change Auditor for Active Directory

Select to search for changes to objects in selected ADAM (AD LDS) containers.

Add ADAM (AD LDS) Container dialog:

1
Select CHOOSE COMPUTER link.
2
On the Select the agent that hosts the ADAM/AD LDS Instance dialog, use the Browse or Search page to locate and select the ADAM instance.
3
Click OK to browse the selected instance. If prompted, enter the credentials to be used to access the selected ADAM (AD LDS) instance.
4
Select an object from the list.
5
Click Add to add to selection list.
6
Click in Scope cell to change the scope of the search.
7
Click in Actions cell to change setting. All Actions is selected by default, meaning that all activity associated with the object will generate an event.
To select individual actions, you must first clear the All Actions check box.
8
Click in Transports cell to change setting. All Transports is selected by default, meaning that all AD query operations regardless of the transport protocol used will be included in the search.
To select individual transports, you must first clear the All Transports check box.
9
Click OK to save selection and close dialog.
NOTE: Use Add With Events to select from a list of ADAM (AD LDS) containers that already have an event associated with it in the database.
NOTE: Use Add Enterprise to search the entire enterprise. When this option is selected, all other containers in the selection list are ignored (appear in red). Also, the scope setting cannot be changed.

Azure Active Directory

NOTE: When Azure Active Directory events include multiple targets, Change Auditor identifies these as Target (primary target) and Subject (secondary target).

Change Auditor for Active Directory

Select to search for changes in Azure Active Directory.

Add Azure Active Directory dialog:

1
Select the Category filter to specify the event category to include in the search. Select a comparison operator (Like or Not like) and enter a category name. For example, for activities related to self-service password resets, choose the “Self-service Password Management” category.
2
Select the Activity Type filter to specify the activity to include in the search. Select a comparison operator (Like or Not like) and enter an activity type. For example, for user related activities, select “User” as the activity type.
3
Select the Activity Name filter to specify the activity to include in the search. (For sign-in risk events, this shows the detected activity that occurred on the risk event.) Select a comparison operator (Like or Not like) and enter an activity name (character string and the * wildcard character). For example: Like *delete* searches for events where Activity contains ‘delete’. For a list of all available activities, see the Microsoft article “Audit activity reports in the Azure Active Directory portal”.
4
Select the Activity Details filter to include activity details in the search. (For sign-in risk events use the status of the risk event, such as Resolved). Select a comparison operator (Like or Not like) and enter a full or partial string (character string and the * wildcard character). For example, the 'Self-serve password reset flow activity progress' activity provides several different details including: User started the mobile SMS verification option, User started the e-mail verification option, or User successfully reset password. Leave this filter blank to return events for all activities or narrow the search based on the activity details.

 

 
5
Select the Target filter to specify the target (primary and secondary targets) to include in the search. (For sign-in risk events, the field searches for the risk event type such as Sign-in from anonymous IP address). Select a comparison operator (Like or Not like) and enter a full or partial name (character string and the * wildcard character). The Target filter searches across the following properties: Object Name (Cloud Target Name), Target Display Name, On-Premises Target, Subject Name, Subject Display Name, and On-Premises Subject.
6
Select the Activity Origin filter to specify the activity origin to include in the search. You can choose between Cloud (event activity was performed directly in the cloud) or AD (event activity was originally performed on-premises and was synchronized to the cloud).
7
Select the Sync Type filter to specify the target (primary and secondary targets) synchronization type to include in the search. You can choose between In Cloud (target object exists only in the cloud) and Synced from AD (target object was synchronized from Active Directory)
8
Click Add to add the expression to the selection list.
9
Repeat this process to add any additional expressions to the search query.
NOTE: Use Add Wildcard to specify a wildcard expression to search for Azure Active Directory changes.
NOTE: Use Add With Events to select from a list of Azure Active Directory changes that already have an event associated with it in the database.
NOTE: Use Add all events to add all Azure Active Directory events.
NOTE: When multiple entries are added to the selection list, Change Auditor uses the ‘OR’ operator to evaluate events, returning events that meet any of the entries listed.

Exchange

Change Auditor for Exchange

Select to search for changes to objects in selected Exchange containers.

Add Exchange Container dialog:

1
Use the Browse or Search page to locate and select an Exchange container.
You can also select Import Objects to import a .csv file of a list of directory objects. Using this list, you can search for an exact object name or use a wildcard.
The first row of the .csv file must be column names and the first column must be NAME.
2
Click Add to add to selection list.
3
Click in Scope cell to change the scope of the search.
4
Click in Actions cell to change setting. All Actions is selected by default, meaning all activities associated with the object will generate an event.
To select individual actions, you must first clear the All Actions check box.
5
Click in Transports cell to change setting. All Transports is selected by default, meaning that all AD query operations regardless of the transport protocol used will be included in the search.
To select individual transports, you must first clear the All Transports check box.
6
Click OK to save selection and close dialog.
NOTE: Use Add Wildcard to specify a wildcard expression to search for Exchange containers.
NOTE: Use Add With Events to select from a list of Exchange containers that already have an event associated with it in the database.
NOTE: Use Add Enterprise to search the entire enterprise. When this option is selected, all other containers in the selection list are ignored (appear in red). Also, the scope setting cannot be changed.

Office 365 Exchange Online

NOTE: Use Add With Events to select from a list of Exchange Online mailboxes that already have an event associated with them in the database.
NOTE: Expand Add All and select one of the following to search for ‘all’ Office 365 Exchange Online events: All Office 365 Exchange Online Events, All Office 365 Exchange Online Mailbox Events, or All Office 365 Exchange Online Administration Events. When one of these options is selected, all other entries in the selection list are ignored (appear in red).

Change Auditor for Exchange

Select to search for changes to a specific Exchange Online mailbox.

Office 365 Exchange Online dialog:

1
Select whether you are adding a Mailbox or Cmdlet event.
2
If Mailbox Event is selected:
To search for changes to a specific mailbox or a specific folder in all monitored mailboxes:
Select Mailbox Name and/or Folder Name, select the comparison operator to be used: Contains or Does not contain. Enter the name (or partial name) of a mailbox/folder to be used to search for a match. (Case sensitivity is based on your SQL setting). Click Add to add criteria to selection list.
If both the Mailbox Name and Folder Name are specified, both expressions must be met.
To search for changes by specific on-premises users:
Select On-Premises User Name, select the comparison operator to be used: Like or Not like and enter the name (or partial name) to be used to search for a match. (Case sensitivity is based on your SQL setting.) Click Add to add the criteria to the selection list.
To search for changes for specific targets (either based on the SAM account and domain name of the on-premises mailbox account that corresponds to the cloud-based mailbox account or based on the mailbox account display name):
Select On-Premises Target Name or Target Display Name, select the comparison operator to be used: Like or Not like and enter the name (or partial name) to be used to search for a match. Case sensitivity is based on your SQL setting. Click Add to add the expression to the selection list.
To search for changes in mailbox accounts based on how they are synchronized:
Select Target Sync Type, select In cloud to include mailbox accounts created in the cloud or Synced from AD to include mailbox accounts that have been synchronized from your on-premises Active Directory directories. Click Add to add the expression to the selection list.
NOTE: When multiple entries are added to the selection list, Change Auditor uses the ‘OR’ operator to evaluate events, returning events that meet any of the entries listed.

 

 

If Administration Cmdlet Event is selected:
Select Cmdlet and/or Cmdlet Object check box.
Select the comparison operator to be used: Contains or Does not contain.
For Cmdlet, enter the ‘command’ to be used to search for a match. For Cmdlet Object, enter the name (or partial name) of a mailbox to be used to search for a match. Case sensitivity is based on your SQL setting.
Click Add to add criteria to selection list.
If both the Cmdlet and Cmdlet Object are specified, both expressions must be met.
Click OK to save the selection and close the dialog.

File System

One of the following:

Change Auditor for Windows File Systems

Change Auditor for NetApp

Change Auditor for EMC

Select to search for specific file system events.

Add File System Path dialog:

1
Enter a file or folder path.
2
Click Add to add to selection list.
3
Click in Scope cell to change the scope of the search.
4
Click in Actions cell to change setting. All Actions is selected by default, meaning that all activity associated with the file system will be included in the search.
To select individual actions, you must first clear the All Actions check box.
5
Click in Types cell to change setting. All Types is selected by default, meaning all file system path types will be searched.
6
Click OK to save selections and close dialog.
NOTE: Use Add With Events to select from a list of file system paths that already have an event associated with it in the database.
NOTE: Use Add All File System Paths to search all file system paths. When this option is selected, all other file system paths in the selection list are ignored (appear in red). Also, the Scope and Types settings cannot be changed.

Group Policy

Change Auditor for Active Directory

Select to search for changes to objects in selected Group Policy containers.

Add Group Policy Container dialog:

1
Use the Browse or Search page to locate and select a Group Policy container.
You can also select Import Objects to import a .csv file of a list of directory objects. Using this list, you can search for an exact object name or use a wildcard.
The first row of the .csv file must be column names and the first column must be NAME.
2
Click Add.
3
Click OK to save selections and close dialog.
NOTE: Use Add Wildcard to specify a wildcard expression to search for Group Policy containers.
NOTE: Use Add With Events to select from a list of Group Policy containers that already have an event associated with it in the database.
NOTE: Use Add All Group Policies to search all group policies in the enterprise. When this option is selected, all other containers in the selection list are ignored (appear in red).

Local Account

Any

Select to search for changes to users or groups that reside in local SAM databases of a member server.

Add Local Account dialog:

1
Select a user or group account from the list.
2
Click Add.
3
Click OK to save selections and close dialog.
NOTE: Use Add All Local Accounts to search all local accounts in the enterprise. When this option is selected, all other accounts in the selection list are ignored (appear in red).

Logon Activity

Change Auditor for Logon Activity User for server agents

Change Auditor for Logon Activity Workstation for workstation agents

Select to search for a specific type of logon event.

Add Logons dialog:

1
Select a logon type from the list.
2
Click Add.
3
Click OK to save selections and close dialog.
NOTE: Use Add With Events to select from a list of logon types that already have an event in the database.

Registry

Any

Select to search for changes to system registry keys that already have an event associated with it in the Change Auditor database.

Add Registry Key dialog:

1
Select a registry path from the list.
2
Click Add.
3
Click in Scope cell to change the scope of the search.
4
Click in Actions cell to change setting. All Actions is selected by default, meaning all registry key actions will be included in the search.
To select individual actions, you must first clear the All Actions check box.
5
Click OK to save selections and close dialog.
NOTE: Use Add All Registry Keys to search all registry keys in the enterprise. When this option is selected, all other registry keys in the selection list are ignored (appear in red). In addition, the Scope cannot be changed.

Service

Any

Select to search for changes to services which already have an event associated with it in the Change Auditor database.

Add Service dialog:

1
Select a service from the list.
2
Click Add.
3
Click OK to save selections and close dialog.

SharePoint

Change Auditor for SharePoint

Select to search for changes to specific SharePoint components.

Add SharePoint Path dialog:

1
Select a path from the hierarchy displayed.
2
Click Add.
3
To specify a wildcard expression to search for events generated against specific SharePoint components:
Click the appropriate cell in the selection list (Farm Name, Web Name, List Name, Item Name, or Item URL).
Select the check box on the displayed dialog to enable the controls.
Select the comparison operator: Like or Not Like.
Enter the pattern (character string and * wildcard character) to be used to search for a match.
You can also use Add Wildcard to specify wildcard expressions.
4
Click OK to save selections and close dialog.
NOTE: When multiple wildcard expressions are specified, they are ‘ANDed’ together and all of the expressions must be met to be considered a match.
NOTE: Use Add With Events to limit this list to SharePoint paths that already have an event associated with it in the database.
NOTE: Use Add All SharePoint Paths to search all SharePoint paths in the enterprise. When this option is selected, all other paths in the selection list are ignored (appear in red).

SQL

Change Auditor for SQL Server

Select to search for changes to specific SQL instances.

Add SQL Instance dialog:

NOTE: At least one of the fields (Instance, Database or SQL Object) must be specified.
1
Instance: Enter the name of the SQL instance to be searched. If left blank, Change Auditor searches all SQL instances.
2
Database: Enter the name of the SQL database to be searched. If left blank, Change Auditor searches all audited SQL databases.
3
SQL Object: Enter a SQL Server object to be included in the search. If left blank, Change Auditor searches for all audited SQL Server objects.
4
Click Add to add criteria to selection list.
5
Click OK to save selections and close dialog.
NOTE: Use Add With Events to select from a list of SQL instances that already have an event associated with it in the database.
NOTE: Use Add All SQL Instances to search all SQL instances in the enterprise. When this option is selected, all other instances in the selection list are ignored (appear in red).

SQL Data Level

Change Auditor for SQL Server

On the Add SQL Data Level Object, select one of the following and enter the search term:

Application Name
Database Name
Table Name
Transaction ID
1
Once you have specified the search term, click Add to add it to the Selection list at the bottom of the dialog.
2
Click OK to save your selection and close the dialog.

VMware

Any

Select to search for changes to a specific VMware host or virtual machine.

VMware dialog:

1
Select the Host Name and/or VM Name check box:
2
If the Host Name check box is selected:
Select the comparison operator: Like or Not Like.
Enter the full name of the VMware host (vCenter® Server or individual host computer) or a pattern (character string and * wildcard character).
3
If the VM Name check box is selected:
Select the comparison operator: Like or Not Like.
Enter the full name of the virtual machine or a pattern (character string and * wildcard character).
If both the Host Name and VM Name are specified, both expressions must be met.
4
Click Add to add criteria to selection list.
5
Click OK to save selections and close dialog.
NOTE: Use Add With Events to select from a list of items that already have an event in the database.
NOTE: Use Add All VMware Hosts to add all hosts. When this option is selected, all other items in the selection list are ignored (appear in red).

Where tab

The Where tab allows you to specify which agents to include (or exclude) in the search definition. You can select individual agents, all agents in a specific domain, or a given site. When multiple ‘where’ criteria is added to this tab, Change Auditor uses the ‘OR’ operator to evaluate change events, returning events captured by any of the specified agents, domains, or sites.

The Where tab contains the following information and controls:

Runtime Prompt
Select this check box to prompt for the ‘where’ criteria when this search is executed. That is, when you select Run, the Select one or more Directory Objects dialog appears allowing you to locate and select the agents, domains, or sites to include in the search definition.
* 
NOTE: When this check box is checked, the Add tool bar button will be deactivated.
* 
NOTE: You can not enable alerting for search definitions that use the Runtime Prompt option.
Exclude the Following Selection(s)
Select this check box to specify the agents, domains or sites to be excluded from the search. That is, Change Auditor is to return events generated from all agents except those listed in the Where list.
Where list
By default, all agents will be included in a new search and therefore this list box will initially be empty.
Once criteria is selected, the Where list box will contain the agents, domains, and sites to be included in the search (or excluded from the search if the Exclude the Following Selection(s) option is checked).
Add Agents, Domains, Sites dialog

Clicking the Add tool bar button displays the Add Agents, Domains, Sites dialog allowing you to specify the agent, domain or site to include in a custom search. Use the tabbed pages on this dialog as described below.

Table 12. Add Agents, Domains, Sites dialog
Tab
How to add criteria

Select Object
To search for events captured by a specific agent, domain or site:
1
Use the Browse or Search pages to locate the directory object in your environment.
2
Click Add to add criteria to the selection list.
3
Repeat to add additional agents, domains or sites.
4
Click OK to save your selections and close the dialog.

Add Agent
To search for events captured by a specific agent:
1
Select an agent from the displayed list.
2
Click Add to add criteria to the selection list.
3
Repeat to add additional agents.
4
Click OK to save your selections and close the dialog.

Add Server Type
To filter based on server type:
1
Select to include Domain Controllers, Member Servers, Workstation Servers, Exchange Servers as required.
2
Click Add to add criteria to the selection list.
3
Click OK to close the dialog and add the server type to the ‘Where’ list.
When this search runs, Change Auditor searches for events generated on the specified domains, sites, or agents for the specified server type.

Add Wildcard
To use a wildcard expression to specify an agent, domain or site:
1
Select the comparison operator to be used: Like or Not Like.
2
In the expression field, enter the pattern (character string and * wildcard character) to be used to search for a match (NetBIOS name). Use the * wildcard character to match any string of zero or more characters. For example, LIKE *local will find all agents whose NetBIOS name ends in ‘local’.
3
By default, the wildcard expression will be used to search for an agent. To search for a domain or site, select the Domain or Site option.
4
Click Add to add the expression to the selection list.
5
Click OK to save your selection and close the dialog.

Add With Events
To search for events captured by an agent, domain or site that already has an event in the database:
1
Select one or more directory objects from the list.
2
Click Add to add criteria to the selection list.
3
Click OK to save your selections and close the dialog.

When tab

Use the When tab to define a date and/or time range in order to limit your search to include only those events that occur during the selected ranges.

The When tab contains the following information/controls:

Runtime Prompt
Select this check box to prompt for the date and/or time interval each time this search is run. That is, when you select Run, the When dialog appears allowing you to specify the date/time interval to use in your search.
* 
NOTE: When this check box is checked, the Date Interval/Time Interval settings will be deactivated.
* 
NOTE: You can not enable alerting for search definitions that use the Runtime Prompt option.
Date Interval
By default, a new search is set to include the events captured this week (Sunday at midnight, local time, through the current date and time).
To change this setting, select one of the date interval options:
From/To: Select this check box and specify the starting and ending date for your date range. Click the calendar icon to select a date from the calendar control.
Last: Select this check box and the appropriate relative date and value (number of minutes, hours, days, weeks, months, quarters or years).
This: Select this option and click the arrow control to select the appropriate time interval (Day, Week or Month).
Time Interval
Select the Time Interval check box to specify a time range to further limit your search.
From: Enter the starting time for your time range or click the clock icon to select a time from the list. Only events that occurred at or after this time will be included in the search.
To: Enter the ending time for your time range or click the clock icon to select a time from the list. Only events that occurred before or at this time will be included in the search.

Origin tab

Use the Origin tab to search for events based on the NetBIOS name or IP address of the workstation or server from which the event originated. When multiple ‘origin’ criteria is specified on this tab, Change Auditor uses the ‘OR’ operator to evaluate events, returning events that originated from any of the specified workstations or servers.

The Origin tab contains the following information/controls:

Runtime Prompt
Select this check box to prompt for the originating workstation or server when this search is executed. That is, when you select Run, the Add Origin dialog appears allowing you to enter the wildcard expression to locate a specific workstation or server.
* 
NOTE: When this check box is checked, the Add tool bar button will be deactivated.
* 
NOTE: You can not enable alerting for search definitions that use the Runtime Prompt option.
Exclude the Following Selection(s)
Select this check box to specify the workstations or servers to be excluded from the search. That is, Change Auditor is to return events originating from all workstations and servers except those listed in the Origin list.
Origin list
By default, all events regardless of where they originated will be included in a new search and therefore this list box will initially be empty.
Once criteria is selected, the Origin list box will contain the wildcard expression used to locate workstations or servers to be included in the search (or excluded from the search if the Exclude the Following Selection(s) option is checked).
Add Origin dialog

Clicking Add displays the Add Origin dialog allowing you to specify an originating workstation or server. Use the tabbed pages on this dialog as described below.

Table 13. Add Origin dialog
Tab
How to add criteria

Add Wildcard
To search for events based on where they originated:
1
Select the comparison operator to be used: Like or Not Like.
2
In the Expression field, enter the pattern (character string and * wildcard character) to be used to search for a match (NetBIOS name or IP Address). Use the * wildcard character to match any string of zero or more characters.
3
Click Add to add criteria to the selection list.
4
Click OK to save your selection and close the dialog.

Add With Events
To search for events originating from a workstation or server that has an event in the database:
1
Select one or more workstations/servers from the list.
2
Click Add to add criteria to the selection list.
3
Click OK to save your selection and close the dialog.
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação