On Demand Audit Current

Private categories are only visible to the individual who created them.
Shared categories are visible to all On Demand Audit users and allow for collaboration with multiple users from the same organization.

By default, the following categories are available:

All Private Searches: All private searches belonging to the signed-in user.
All Searches: All configured searches.
Active Directory: All Active Directory events in the last 24 hours, 7 days, and 30 days.
All Events: All events in the last 24 hours and 7 days.
Azure Active Directory: Azure Active Directory application, directory, group, role, self-service password, user created, user deleted, and user events in the last 7 days.
Best Practices: Sharing operations on important file types and Teams guest access events.
Group Policy: Group Policy events.
Logon Activity: Logon activity events.
Office 365: Office 365 and SharePoint online events.
On Demand Audit: All On Demand audit and alert events.
Teams: Teams user and administrator activity events.
My searches: A built-in private category.

To create a category

NOTE:

Private category names must be unique among all categories for each user.
Shared category name must be unique among all shared searches in all categories in the organization.

Under the Searches tab, click Add in the Categories field.
Enter the category name.
Select whether the category is private or shared.
Click Add.

To assign a search to a new category

Under the Searches tab, select the search.
Click the pencil icon to modify the search.
Drop down the Category field and select the required category.
Click Save .

To edit the name of a category

Under the Searches tab, select the category.
Highlight the category, and click the pencil icon to the left of the category.
Enter a new name for the category and click Save.

Working with alerts and alert plans

Working with On Demand Audit > Working with alerts and alert plans

Alerts and their associated alert plans allow those responsible for the security of your environment to stay on top of changes and activities as they occur.

Through the Alerts page you can:

View the number of alerts created in the last 24 hours for each search.
View the number of associated alert plans.
Enable and disable individual alerts.
Remove alerts.
Add and remove associated alert plans.
Review searches that have alerts created for them.
Select an information icon to see when shared alerts and alert plans were created, last saved, and by whom.

By clicking on an alert you can:

View and access all alert plans associated with alert.
Edit the alert.
View its associated search.

For details, see Managing alerts and alert plans

Managing alerts and alert plans

Working with On Demand Audit > Working with alerts and alert plans > Managing alerts and alert plans

Creating an alert for a search allows those responsible for the security of your environment to receive detailed information about vital changes and activities as they occur.

The alert plan allows you to configure who will receive alerts so that they can take the appropriate action to address the outlined risks to your environment.

When you create or modify an alert plan, you have the option of selecting whether it will be private or shared.

Private alert plans are only visible to the individual who created them.
Shared alert plans are visible to all On Demand Audit users and allow for collaboration with multiple users from the same organization.

NOTE:

You can select to assign any number of alert plans to an alert.
When enabling or editing an alert for a private search, only private alert plans can be used or created.
When enabling or editing an alert for a shared search, only shared alert plans can be used or created.

To create an alert with an associated alert plan

Under the Searches tab, select the search.
Click Alert.
Configure the alert plan to associate with the alert.

To use an existing alert plan, select it and click Save.

To create and enable a new alert plan, enter a name for it, and select whether it will be private or shared. Next, select the link to enter the email recipients for the alert, and click Save.

To edit an alert and associated alert plan

Under the Alerts tab, select Alerts.
Select the required alert, and click Edit Alert.
Add and remove the alert plans associate with the alert as required.

To add existing alert plan, select it and click Save.

To remove an existing alert plan, clear the check box , and click Save.

To create and enable a new alert plan, enter a name for it, and select whether it will be private or shared. Next, select the link to enter the email recipients for the alert, and click Save.

To remove an alert

Under the Alerts tab, select Alerts.
Select the required alert, and click the X icon to delete it.

To create an alert plan

Under the Alerts tab, select Alert Plans.
Click New Plan.
To create and enable a new alert plan, enter a name for it, and select whether it will be private or shared. Next, select the link to enter the email recipients for the alert, and click Save.
Click Send Test and OK to verify that a test alert is sent to the appropriate recipients.

To rename an alert plan

Under the Alerts tab, select Alert Plans.
Select the required alert plan, click in the name field, rename as required, and click Save.

To remove an alert plan

Under the Alerts tab, select Alert Plans.
Select the required alert, and click the X icon to delete it.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

On Demand Audit Current - User Guide

Deleting a search

Working with categories

Working with alerts and alert plans

Managing alerts and alert plans