Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Introduction

Previous Next

Introduction

Using the Private Alerts and Reports page on the Administration Tasks tab, administrators can disable alert notifications and scheduled reports that were created under a user’s Private folder and move or delete the associated search. This feature allows administrators to clean up orphaned alerts and reports in all user’s private folders.

* 
NOTE: Authorization to use the administration tasks on the Administration Tasks tab is defined using the Application User Interface page. To disable private alerts/reports using the Private Alerts and Reports page, you must be assigned to a role that contains the View Private Alerts and Reports, Disable Alert and Disable Report operations. If you are denied access to the tasks on this page, see Change Auditor User Interface Authorization.

This section provides instructions on how to disable private alerts/reports and how to move or delete the associated searches from the Administration Tasks tab.

Private Alerts and Reports page

Previous Next

Private Alerts and Reports page

The Private Alerts and Reports page is displayed when Private Alerts and Reports is selected from the Configuration task list in the navigation pane of the Administration Tasks tab and displays a list of all private search queries where alerting and/or reporting has been enabled and configured. From this page, administrators with the proper permissions can disable valid alerts and reports from a user’s private folder or move or delete the associated searches.

For each private alert/report found, the following information is displayed:

Name

Displays the name assigned to the search query when it was created.

Folder

Displays the full folder path where the search query was saved.

Owner

Displays the name of the owner who created the private alert/report.

Alert

Indicates whether an alert has been enabled for the search query. Valid entries for this field are:
Enabled - which means that alerting is enabled for the search query and that at least one transport method is enabled.
Disabled - which means that the alert is disabled for the search query; however at least one transport method is still enabled.
Report

Indicates whether reporting had been enabled for the search query. Valid entries for this field are:
Enabled - which means reporting is enabled for the search query and a report will be sent to the specified recipients as defined on the Report tab.
Disabled - which means previously enabled reporting has now been disabled for the search query.
Alert To

Displays the email address of any recipients specified to receive an alert email notification (SMTP).

Alert Cc

Displays the email address of any ‘carbon copy’ recipients specified to receive an alert email notification.

Alert Bcc

Displays the email address of any ‘blind carbon copy’ recipients specified to receive an alert email notification.

Report To

Displays the email address of any recipients or shared folder specified to receive a report as defined on the Report tab.

Report Cc

Displays the email address of any ‘carbon copy’ recipients specified to receive a report email.

Report Bcc

Displays the email address of any ‘blind carbon copy’ recipients specified to receive a report email.

Disable private alerts and reports

Previous Next

Disable private alerts and reports

To disable a private alert or report:
1
Open the Administration Tasks tab and click Configuration.
2
Select Private Alerts and Reports from the task list.
3
On the Private Alerts and Reports page use one of the following methods to disable a private alert/report:
Select the alert/report to be disabled and click the appropriate tool bar button: Disable Alert or Disable Report.
Select the alert/report to be disabled, right-click and select the appropriate option: Disable Alert or Disable Report.

The disabled status also appears on the Searches page for the selected search query. The user can use the commands on the Searches page to re-enable alerting/reporting for a private search query.

Move and delete private searches

Previous Next

Move and delete private searches

Administrators can delete or move another user’s private search, move them to their private searches folder, or make them public by moving them to a shared searches folder.

To move a private search:
1
Open the Administration Tasks tab and click Configuration.
2
Select Private Alerts and Reports from the task list.
3
On the Private Alerts and Reports page, select the alert/report to be moved and click Move.
4
Select the destination folder and click OK.
To delete a private search:
1
Open the Administration Tasks tab and click Configuration.
2
Select Private Alerts and Reports from the task list.
3
On the Private Alerts and Reports page, select the alert/report to be deleted and click Delete.
4
Click Yes to confirm the removal.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating