
On Demand Audit Current - User Guide


Using built in searches

On Demand Audit provides predefined searches which allow you to quickly retrieve valuable configuration change information from various perspectives.

Although built-in searches cannot be modified, you can create a new search based on one and customize its settings to suit your needs. See Creating a search from an existing search.

The following built in searches are available:

To run a built in search

  1. Select the Searches tab.
  2. Locate the search in the required category.
  3. Highlight the search and click the arrow icon to run it.
From here you can:

Active Directory Built in searches

If you have a Change Auditor installation registered with On Demand Audit, you will have access to the following Active Directory built-in searches:

  • AD all account lockout events in the past 7 days
  • AD all attribute changes in the past 7 days
  • AD all computer events in the past 7 days
  • AD all domain controller events in the past 7 days
  • AD all events in the past 24 hours
  • AD all events in the past 7 days
  • AD all events including ActiveRoles/GPOADmin initiator in the past 7 days
  • AD all forest configuration events in the past 7 days
  • AD all objects deleted in the past 7 days
  • AD all OU events in the past 7 days
  • AD all replication events in the past 7 days
  • AD all schema configuration events in the past 7 days
  • AD all security changes in the last 30 days
  • AD all site events in the past 7 days
  • AD all user events in the past 7 days
  • AD computers added in the past 30 days
  • AD computers disabled in the past 30 days
  • AD computers enabled in the past 30 days
  • AD computers moved in the past 30 days
  • AD computers removed in the past 30 days
  • AD computers renamed in the past 30 days
  • AD critical group membership changes in the past 30 days
  • AD group added in the past 30 days
  • AD group deleted in the past 30 days
  • AD group member added changes in the past 30 days
  • AD group member removed changes in the past 30 days
  • AD group moved in the past 30 days
  • AD group nested member added changes in the past 30 days
  • AD group nested member removed changes in the past 30 days
  • AD group renamed in the past 30 days
  • AD users added in the past 30 days
  • AD users added to group in the past 30 days
  • AD users deleted in the past 30 days
  • AD users disabled in the past 30 days
  • AD users enabled in the past 30 days
  • AD users locked out in the past 30 days
  • AD users moved in the past 30 days
  • AD users removed from group in the past 30 days
  • AD users renamed in the past 30 days
  • AD users unlocked in the past 30 days

See Change Auditor Integration for details on adding on-premises event data to your On Demand Audit deployment.

Azure Active Directory built in searches

On Demand Audit provides the following Azure Active Directory built-in searches that are based on the most common and complex requests for information:

  • Azure AD application events in the past 7 days
  • Azure AD directory events in the past 7 days
  • Azure AD events in the past 7 days
  • Azure AD failed sign-in events in the past 7 days
  • Azure AD group events in the past 7 days
  • Azure AD group member changes in the past 7 days
  • Azure AD group owner changes in the past 7 days
  • Azure AD risk events in the past 7 days
  • Azure AD role events in the past 7 days
  • Azure AD role member changes in the past 7 days
  • Azure AD self-service password management events in the past 7 days
  • Azure AD sign-in events in the past 7 days
  • Azure AD successful sign-in events in the past 7 days
  • Azure AD tenant level configuration changes in the last 180 days
  • Azure AD user created events in the past 7 days
  • Azure AD user deleted events in the past 7 days
  • Azure AD user events in the past 7 days
  • Important changes for critical Azure AD directory roles in the past 7 days
  • Objects added/removed from Azure AD groups in the past 7 days
  • Objects added/removed from Azure AD roles in the past 7 days
  • Users added/removed as owner of Azure AD groups in the past 7 days


Best Practices built in searches

On Demand Audit provides the following Best Practices built-in searches:

  • Sharing operations on important file types within past 7 days
  • Teams guest access enabled or disabled in the past 30 days