Chat now with support
Chat with Support

Change Auditor 7.5 - Built-in Reports Reference Guide

Introduction Built-in reports
Active Directory Federation Services AD Query All Events Authentication Services Microsoft Entra Defender Microsoft 365 Logon Activity Recommended Best Practices Regulatory Compliance
FISMA (Federal Information Security Management Act)
NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A01 – User Association NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A02 – Content of Audit Records NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A03 – Auditable Events NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A04 – Audit Processing NIST SP 800-53 | Technical Controls | Identification and Authentication | IA02 – Remote, Privileged Access Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA03 – Password Protection Mechanisms NIST SP 800-53 | Technical Controls | Identification and Authentication | IA04 – Password Life NIST SP 800-53 | Technical Controls | Identification and Authentication | IA05 – Password Content NIST SP 800-53 | Technical Controls | Identification and Authentication | IA12 – Remote Access Identification Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA16 – Password Management NIST SP 800-53 | Technical Controls | Logical Access Control | AC01 - Remote Access Restrictions NIST SP 800-53 | Technical Controls | Logical Access Control | AC02 - Logon Notification Message NIST SP 800-53 | Technical Controls | Logical Access Control | AC05 - Session Inactivity NIST SP 800-53 | Technical Controls | Logical Access Control | AC06 - Limited Connection Time NIST SP 800-53 | Technical Controls | Logical Access Control | AC09 - Enforcement Mechanisms NIST SP 800-53 | Technical Controls | Logical Access Control | AC10 - Automated Account Controls NIST SP 800-53 | Technical Controls | Logical Access Control | AC12 - Supervision and Review NIST SP 800-53 | Technical Controls | Logical Access Control | AC14 - Authorization Procedures NIST SP 800-53 | Technical Controls | System and Communications Protection | SP02 - Information System Partitioning NIST SP 800-53 | Technical Controls | System and Communications Protection | SP04 - Denial of Service Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP05 - Resource Priority NIST SP 800-53 | Technical Controls | System and Communications Protection | SP06 - Boundary Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP07 - Network Segregation NIST SP 800-53 | Technical Controls | System and Communications Protection | SP09 - Network Disconnect NIST SP 800-53 | Technical Controls | System and Communications Protection | SP11 - Trust Path NIST SP 800-53 | Technical Controls | System and Communications Protection | SP16 - Use of Encryption
GLBA (Gramm-Leach-Bliley Act) GDPR HIPAA (Health Insurance Portability and Accountability Act) Payment Card Industry SAS 70 (Statement on Auditing Standards, Service Organizations) SOX (Sarbanes-Oxley General IT Controls Evidence based on the COBIT Framework)
Security SharePoint SQL Data Level SQL Extended Events Threat Detection

Section 404 | Acquisition and Implementation

| Acquisition and Implementation

The Acquisition and Implementation reports are available under the following folders:

BAI2.2 - Perform a feasibility study and formulate alternative solutions

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary report containing events from all of the following reports.

A summary of reports containing events from all of the following reports.

Section 404 | Delivery and Support

| Planning and Organization

The Planning and Organization reports are available under the following folder:

Manage Contract Staff
(Executive Summary) Manage Human Resources

A summary report containing events from all of the following reports.

Detailed list of disabled user accounts
Who = All Users
What = User Account Disabled
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of enabled user accounts
Who = All Users
What = User Account Enabled
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of expired user accounts
Who = All Users
What = User accountExpires Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user dial-in modifications
Who = All Users
What = User Dial-in Static Route Added; User Dial-in Static Route Removed; User Dial-in Callback Options Changed; User Dial-in Static IP Address Changed; User Dial-in Remote Access Permission Changed; User Dial-in Verify Caller ID Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user Exchange mailbox modifications
Who = All Users
What = Mailbox Enabled for User; Mail Disabled for User; Mailbox Rights Changed for User; Mailbox Disabled for User; Mail Enabled for User; Email Addresses Changed for User
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user name modifications
Who = All Users
What = User userPrincipalName Changed; Display Name Changed on User Object; First Name Changed on User Object; User samAccountName Changed; Last Name Changed on User Object; Domain User Renamed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user permitted logon hour modifications
Who = All Users
What = User logonHours Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user workstation restriction modifications
Who = All Users
What = User userWorkstations Added; User userWorkstations Removed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
 
 

Security

The Security reports are available in the following folders:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating