• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Change Auditor for Defender 7.1.1
• Change Auditor for Defender 7.1.1 - User Guide

Change Auditor for Defender 7.1.1 - User Guide

Table of Contents  

Change Auditor for Defender Overview

Introduction Deployment requirements

Getting Started

Deployment requirements and notes Enable Defender auditing Make changes and run a report Troubleshooting

Defender Searches/Reports

Defender built-in searches Search results

• Viewing Topics 9 - 11 of 11

×

Defender Searches/Reports

•	Defender built-in searches

•	Search results

Defender built-in searches

You can run built-in searches to retrieve Defender activity captured by deployed agents enabling you to retrieve valuable information from a variety of perspectives.

NOTE: The terms ‘searches’ and ‘reports’ are used in conjunction to acquire the desired output. You run a ‘search’ and the results returned are referred to as a ‘report’.

To see a complete list of built-in reports, see the Change Auditor Built-in Reports Reference Guide.

and

To run a built-in search:

1	Click on the Searches tab or select View | Searches.

2	Expand and select the appropriate folder in the explorer view (left pane) to display the list of search definitions stored in the selected folder. For example, selecting the Shared | Built-in | Defender will display all the built-in searches available for Defender.

3	In the right-hand pane, locate the search to be run and use one of the following methods to run the selected search:

•	Double-click a search definition

•	Right-click a search definition and select Run.

•	Select the search definition and click Run.

4	A new Search Results Page will be displayed populated with the audited events that met the search criteria defined in the selected search definition.

NOTE: To modify a built-in search, see the Change Auditor User Guide.

Search results

The Defender event information (including key information like who, what, when, where, why, and the event origin information) can be viewed on the Event Details pane in the client. The following table provides a description of the event details provided for Defender events.

 

Table 1. Event Details pane: Defender events

ChangeAuditor	Description
Severity	Displays “Low”, “Medium”, or “High” depending on the event.
Who	Specifies the name of the user who initiated the change.
When	Specifies the date and time when the change occurred.
Where	Displays the name of the workstation where the change occurred.
Source	Displays ‘Change Auditor’ which is the application from which the event was retrieved.
Origin	Displays the NetBIOS name and IP address of the workstation from which the event was generated.
What	Displays a description of the activity that occurred. NOTE: For lengthy descriptions, hover your cursor over the description field to view the entire event description.
Facility	Displays that it is Defender activity.

•  Previous
• Viewing Topics 9 - 11 of 11
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center