立即与支持人员聊天
与支持团队交流

Change Auditor for Defender 7.1.1 - User Guide

Defender Searches/Reports

Defender built-in searches

You can run built-in searches to retrieve Defender activity captured by deployed agents enabling you to retrieve valuable information from a variety of perspectives.

To see a complete list of built-in reports, see the Change Auditor Built-in Reports Reference Guide.

and

1
Click on the Searches tab or select View | Searches.
NOTE: To modify a built-in search, see the Change Auditor User Guide.

Search results

The Defender event information (including key information like who, what, when, where, why, and the event origin information) can be viewed on the Event Details pane in the client. The following table provides a description of the event details provided for Defender events.

Severity

Displays “Low”, “Medium”, or “High” depending on the event.

Who

Specifies the name of the user who initiated the change.

When

Specifies the date and time when the change occurred.

Where

Displays the name of the workstation where the change occurred.

Source

Displays ‘Change Auditor’ which is the application from which the event was retrieved.

Origin

Displays the NetBIOS name and IP address of the workstation from which the event was generated.

What

Displays a description of the activity that occurred.

Facility

Displays that it is Defender activity.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级