Change Auditor for Authentication Services 7.0.4 - User Guide

Introduction

You can use predefined reports to retrieve valuable change information from a variety of perspectives.

You can also create custom search definitions to search for the configuration changes that need to be tracked in your environment. You will use the search properties tabs across the bottom of the Searches page to define new custom searches.

Authentication Services built-in reports

To see a complete list of built-in reports, see the Change Auditor Built-in Reports Reference Guide.

1. Click on the Searches tab or select View | Searches.
2. Expand and select the appropriate folder in the explorer view (left-hand pane) to display the list of search definitions stored in the selected folder. For example, selecting the Shared | Built-in | Authentication Services will display all the built-in searches available for One Identity Authentication Services.
3. Select the search definition and click the Run tool bar button at the top of the Searches page.

Create custom searches

The following scenario explains how to use the What tab to create custom searches.

Selecting the Private folder will create a search that only you can run and view, whereas selecting the Shared folder will create a search which can be run and viewed by all Change Auditor users.
3. Click New at the top of the Searches page.
5. Open the What tab, click Add (or expand the Add tool bar button and select Event Class).
6. On the Add Facilities or Event Classes dialog, enter Authentication Services Monitoring in the data filter field under the Facility heading to display all of the Authentication Services events.
7. From this list, select one or more events and use the Add | Add This Event option to add the selected events to the list box at the bottom of the dialog. Click OK to save your selection and close the dialog.
8. Click Run to save and run the search. Click Save to save the search definition without running it.

Search results

The event information (including key information like who, what, when, where, why, the event origin, and the file information) can be viewed on the Event Details pane.

Severity

Displays “Low”, “Medium”, or “High” depending on the event.

Who

Specifies the name of the user who initiated the change.

When

Specifies the date and time when the change occurred.

Where

Displays the name of the workstation where the change occurred.

Source

Displays ‘Change Auditor’ which is the application from which the event was retrieved.

Origin

Displays the NetBIOS name and IP address of the workstation from which the event was generated.

What

Displays a description of the activity that occurred.

Facility

Displays that it is Authentication Services Monitoring activity.
