Chat now with support
Chat with Support

Change Auditor 7.0.3 - Built-in Reports Reference Guide

Introduction Built-in reports
AD Query All Events Authentication Services Azure Active Directory Defender Office 365 Logon Activity Skype for Business Recommended Best Practices Regulatory Compliance
FISMA (Federal Information Security Management Act)
NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A01 – User Association NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A02 – Content of Audit Records NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A03 – Auditable Events NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A04 – Audit Processing NIST SP 800-53 | Technical Controls | Identification and Authentication | IA02 – Remote, Privileged Access Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA03 – Password Protection Mechanisms NIST SP 800-53 | Technical Controls | Identification and Authentication | IA04 – Password Life NIST SP 800-53 | Technical Controls | Identification and Authentication | IA05 – Password Content NIST SP 800-53 | Technical Controls | Identification and Authentication | IA12 – Remote Access Identification Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA16 – Password Management NIST SP 800-53 | Technical Controls | Logical Access Control | AC01 - Remote Access Restrictions NIST SP 800-53 | Technical Controls | Logical Access Control | AC02 - Logon Notification Message NIST SP 800-53 | Technical Controls | Logical Access Control | AC05 - Session Inactivity NIST SP 800-53 | Technical Controls | Logical Access Control | AC06 - Limited Connection Time NIST SP 800-53 | Technical Controls | Logical Access Control | AC09 - Enforcement Mechanisms NIST SP 800-53 | Technical Controls | Logical Access Control | AC10 - Automated Account Controls NIST SP 800-53 | Technical Controls | Logical Access Control | AC12 - Supervision and Review NIST SP 800-53 | Technical Controls | Logical Access Control | AC14 - Authorization Procedures NIST SP 800-53 | Technical Controls | System and Communications Protection | SP02 - Information System Partitioning NIST SP 800-53 | Technical Controls | System and Communications Protection | SP04 - Denial of Service Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP05 - Resource Priority NIST SP 800-53 | Technical Controls | System and Communications Protection | SP06 - Boundary Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP07 - Network Segregation NIST SP 800-53 | Technical Controls | System and Communications Protection | SP09 - Network Disconnect NIST SP 800-53 | Technical Controls | System and Communications Protection | SP11 - Trust Path NIST SP 800-53 | Technical Controls | System and Communications Protection | SP16 - Use of Encryption
GLBA (Gramm-Leach-Bliley Act) GDPR HIPAA (Health Insurance Portability and Accountability Act) Payment Card Industry SAS 70 (Statement on Auditing Standards, Service Organizations) SOX (Sarbanes-Oxley General IT Controls Evidence based on the COBIT Framework)
Security SharePoint SQL Data Level Threat Detection VMware

164.310 – Physical Safeguards | Standard Workstation Security

| Standard Workstation Security

164.310 – Physical Safeguards | Standard Workstation Use

| Standard Workstation Use
Detailed list of GPO disk access modifications
Who = All Users
What = Devices: Restrict CD-ROM Access to Locally Logged-on User Only Policy Changed; Devices: Allowed to Format and Eject Removable Media Policy Changed; Devices: Restrict Floppy Access to Locally Logged-Out User Only Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of hard disk modifications
Who = All Users
What = Disk Size Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of GPO workstation access modifications
Who = All Users
What = Deny Access to this Computer from the Network Policy Changed; Access this Computer from the Network Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

164.312 – Technical Safeguards | Standard Person or entity authentication

| Standard Person or entity authentication
Defender
All Defender events in last 30 days
Who = All Users
What = Defender facility
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender – Member added to access node in last 30 days
Who = All Users
What = Member Added to Access Node
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender – Member removed from access node in last 30 days
Who = All Users
What = Member Removed from Access Node
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender access node added in last 30 days
Who = All Users
What = Defender Access Node Added
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender access node removed in last 30 days
Who = All Users
What = Defender Access Node Removed
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender password events in last 30 days
Who = All Users
What = Defender Password Changed; Defender Password Cleared; Defender Password Expiry Cleared; Defender Password Expiry Set; Defender Password Set
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender policy added in last 30 days
Who = All Users
What = Defender Policy Added
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender policy change events in last 30 days
Who = All Users
What = Defender Policy Changed for Access Node; Defender Policy Changed for Group; Defender Policy Changed for Security Server; Defender Policy Changed for User
Where = All sources
When = Last 30 days
Origin = All workstations/servers

164.312 – Technical Safeguards | Standard Access Control

| Standard Access Control
Automatic Logoff
Detailed list of Authentication modifications
Who = All Users
What = Deny Log On Locally Policy Changed; Deny Log On As a Service Policy Changed; Deny Access to this Computer from the Network Policy Changed; Allow Log On Through Terminal Services Policy Changed; Allow Log On Locally Policy Changed; Deny Log On As a Batch Job Policy Changed; Deny Log On Through Terminal Services/Remote Desktop Services Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of dial-in modifications
Who = All Users
What = User Dial-in Static Route Added; User Dial-in Static Route Removed; User Dial-in Callback Options Changed; User Dial-in Static IP Address Changed; User Dial-in Remote Access Permission Changed; User Dial-in Verify Caller ID Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of forced logoff modifications
Who = All Users
What = Network Security: Force Logoff When Logon Hours Expire Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of GPO workstation access modifications
Who = All Users
What = Deny Access to this Computer from the Network Policy Changed; Access this Computer from the Network Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of logon hours modifications
Who = All Users
What = User logonHours Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user account policy modifications
Who = All Users
What = Maximum Password Age Policy Changed; Enforce Password History Policy Changed; Account Lockout Threshold Policy Changed; Account Lockout Duration Policy Changed; Enforce User Logon Restrictions Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user workstation modifications
Who = All Users
What = User userWorkstations Added; User userWorkstations Removed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Unique User Identification
Authentication Services
Users set to UNIX-enabled and created in last 30 days
Who = All Users
What = UNIX-Enabled Changed for User
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Related Documents