Chat now with support
Chat with Support

Change Auditor for Defender 7.0.2 - User Guide

Defender built-in searches

You can run built-in searches to retrieve Defender activity captured by deployed agents enabling you to retrieve valuable information from a variety of perspectives.

To see a complete list of built-in reports, see the Change Auditor Built-in Reports Reference Guide.

and

1
Click on the Searches tab or select View | Searches.
NOTE: To modify a built-in search, see the Change Auditor User Guide.

Search results

The Defender event information (including key information like who, what, when, where, why, and the event origin information) can be viewed on the Event Details pane in the client. The following table provides a description of the event details provided for Defender events.

Severity

Displays “Low”, “Medium”, or “High” depending on the event.

Who

Specifies the name of the user who initiated the change.

When

Specifies the date and time when the change occurred.

Where

Displays the name of the workstation where the change occurred.

Source

Displays ‘Change Auditor’ which is the application from which the event was retrieved.

Origin

Displays the NetBIOS name and IP address of the workstation from which the event was generated.

What

Displays a description of the activity that occurred.

Facility

Displays that it is Defender activity.

Related Documents