Change Auditor 7.0.2 - Event Reference Guide

Introduction

Change Auditor provides total auditing and security coverage for the enterprise including Active Directory, Exchange, Office 365 Exchange, Azure Active Directory, Windows file servers, SQL Server, NetApp filers, EMC file servers, Dell Fluid File System, VMware vCenter™, SharePoint, and Microsoft Skype for Business. Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made changes including the IP address of the originating workstation, where and when it occurred along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day operations.

Change Auditor uses a modular approach which allows for separate product deployment and management for key environments including:

Additional Change Auditor auditing modules allow you to track, audit, report and alert on critical changes made using the following Quest products:

In addition to real-time event auditing, you can also enable event logging to capture many of the Change Auditor events locally in a Windows event log. These event logs can then be collected using InTrust to satisfy long-term storage requirements.

This guide lists the core audited events available in Change Auditor regardless of the Change Auditor product license that is applied. Separate event reference guides are provided which list the additional events that are available when the different Change Auditor auditing modules are licensed.

Change Auditor Events

This section lists the audited events available in Change Auditor regardless of the applied Change Auditor product license. Audited events are listed in alphabetical order by facility:

Change Auditor Internal Auditing

Active Directory Protection Template Added

Created when an Active Directory protection template is added to Change Auditor.

Medium

Active Directory Protection Template Changed

Created when an attribute is added or removed from the Active Directory protection template.

Medium

Active Directory Protection Template Disabled

Created when an Active Directory protection template is disabled.

Medium

Active Directory Protection Template Enabled

Created when an Active Directory protection template is enabled.

Medium

Active Directory Protection Template Removed

Created when an Active Directory protection template is removed from Change Auditor.

Medium

AD Query Container Added

Created when a container is added to the Excluded AD Query list.

Medium

AD Query Container Disabled

Created when a container is disabled on the Excluded AD Query list.

Medium

AD Query Container Enabled

Created when a container is enabled on the Excluded AD Query list.

Medium

AD Query Container Removed

Created when a container is removed from the Excluded AD Query list.

Medium

ADAM Attribute Severity Changed

Created when the severity for a monitored ADAM (AD LDS) attribute is changed.

Low

ADAM Monitoring Point Added

Created when an ADAM (AD LDS) instance and associated object classes are added to the Change Auditor auditing scope.

Low

ADAM Monitoring Point Removed

Created when an ADAM (AD LDS) instance and associated object classes are removed from the Change Auditor auditing scope.

Low

ADAM Monitoring Scope Disabled

Created when the auditing of an ADAM (AD LDS) object is disabled.

Low

ADAM Monitoring Scope Enabled

Created when the auditing of an ADAM (AD LDS) object is enabled.

Low

ADAM Protection Template Added

Created when an ADAM (AD LDS) protection template is added to Change Auditor.

Medium

ADAM Protection Template Changed

Created when an ADAM (AD LDS) protection template is modified.

Medium

ADAM Protection Template Disabled

Created when an ADAM (AD LDS) protection template is disabled.

Medium

ADAM Protection Template Enabled

Created when an ADAM (AD LDS) protection template is enabled.

Medium

ADAM Protection Template Removed

Created when an ADAM (AD LDS) protection template is removed from Change Auditor.

Medium

Administration Account Added to Active Directory Protection Template

Created when an administration account is added to an Active Directory protection template.

Medium

Administration Account Added to Group Policy Protection Template

Created when an administration account is added to a Group Policy protection template.

Medium

Administration Account Removed from Active Directory Protection Template

Created when an administration account is removed from an Active Directory protection template.

Medium

Administration Account Removed from Group Policy Protection Template

Created when an administration account is removed from a Group Policy protection template.

Medium

Agent Added to EMC Auditing Template

Created when a Change Auditor agent is added to an EMC Auditing template.

Medium

Agent added to FluidFS auditing template

Created when a Change Auditor agent is added to a Fluid File System Auditing template.

Medium

Agent Added to NetApp Auditing Template

Created when a Change Auditor agent is added to a NetApp Auditing template.

Medium

Agent Added to SharePoint Auditing Template

Created when a Change Auditor agent is added to a SharePoint Auditing template.

Medium

Agent Added to VMware Auditing Template

Created when a Change Auditor agent is added to a VMware Auditing template.

Medium

Agent Configuration AD Query Delay Changed

Created when the AD Query auditing delay setting (Discard duplicate queries that occur within nn minutes) is changed for an agent configuration definition. (AD Query tab on the Configuration Setup dialog.)

Low

Agent Configuration AD Query Elapsed Changed

Created when the AD Query auditing elapsed setting (Discard queries taking less than nn milliseconds) is changed for an agent configuration definition. (AD Query tab on the Configuration Setup dialog.)

Low

Agent Configuration AD Query Results Changed

Created when the AD Query auditing results setting (Discard query results less than nn records) is changed for an agent configuration definition. (AD Query tab on the Configuration Setup dialog.)

Low

Agent Configuration Added

Created when a new agent configuration definition is added to Change Auditor.

Low

Agent Configuration Agent Load Threshold Changed

Created when the agent load threshold for an agent configuration definition is modified. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Assignment Changed

Created when the configuration assignment for a Change Auditor agent is changed.

Low

Agent Configuration Connection Days Changed

Created when the allowed connection days setting is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Connection From Time Changed

Created when the allowed connection ‘from’ time setting is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Connection To Time Changed

Created when the allowed connection ‘to’ time setting is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Exchange Auditing Delay Changed

Created when the Exchange Events setting (Discard duplicates that occur within nn seconds) is changed for an agent configuration definition. (Exchange tab on the Configuration Setup dialog.)

Low

Agent Configuration File System Auditing Changed

Created when the file system auditing setting (Audit all configured, including duplicates) is changed for an agent configuration definition. (Exchange tab on the Configuration Setup dialog.)

Low

Agent Configuration File System Auditing Delay Changed

Created when the file system auditing delay setting (Discard duplicates that occur within nn seconds) is changed for an agent configuration definition. (Exchange tab on the Configuration Setup dialog.)

Low

Agent Configuration Forwarding Interval Changed

Created when the forwarding interval is changed in a Change Auditor Agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Max Events per Connection Changed

Created when the maximum events per connection setting is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Polling Interval Changed

Created when the polling interval is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent Configuration Removed

Created when an agent configuration definition is removed from Change Auditor.

Low

Agent Configuration Renamed

Created when an agent configuration is renamed in Change Auditor.

Low

Agent Configuration Retry Interval Changed

Created when the retry interval is changed for an agent configuration definition. (System Settings tab on the Configuration Setup dialog.)

Low

Agent configuration service port changed

Created when the communication port between coordinator and agent has changed.

Low

Agent Configuration VMware Polling Interval Changed

Created when the VMware polling interval is changed for an agent configuration definition. (VMware tab on the Configuration Setup dialog.)

Low

Agent Heartbeat Check Disabled

Created when the “Coordinator should try to restart agent service if an agent goes offline” check box is cleared in the Agent Heartbeat Check pane of the Coordinator Configuration page.

Low

Agent Heartbeat Check Enabled

Created when the “Coordinator should try to restart agent service if an agent goes offline” check box is selected in the Agent Heartbeat Check pane of the Coordinator Configuration page.

Low

Agent Heartbeat Check Minutes Changed

Created when the Agent Heartbeat Check setting (Agent goes offline after being inactive for nn minutes) on the Coordinator Configuration page is modified.

Low

Agent Removed from EMC Auditing Template

Created when a Change Auditor agent is removed from an EMC Auditing template.

Medium

Agent removed from FluidFS auditing template

Created when a Change Auditor agent is removed from a Fluid File System Auditing template.

Medium

Agent Removed from NetApp Auditing Template

Created when a Change Auditor agent is removed from a NetApp Auditing template.

Medium

Agent Removed from SharePoint Auditing Template

Created when a Change Auditor agent is removed from a SharePoint Auditing template.

Medium

Agent Removed from VMware Auditing Template

Created when a Change Auditor agent is removed from a VMware Auditing template.

Medium

Agent Service has more than 100 Events Waiting

Created when the agent has more than 100 events waiting.

Medium

Agent Service has Reached a Critical Load

Created when the agent has reached a critical load and one or more events may have been lost.

High

Agent Service has Returned to Normal Operations

Created when the agent has returned to normal operations.

Low

Archive Job Added

Created when an archive job is added.

Medium

Archive Job Changed

Created when an archive job is modified.

Medium

Archive Job Disabled

Created when an archive job is disabled.

Medium

Archive Job Enabled

Created when an archive job is enabled.

Medium

Archive Job Removed

Created when an archive job is deleted.

Medium

Attribute Added to Active Directory Protection

Created when an individual attribute is added to an Active Directory protection template.

Medium

Attribute Added to ADAM Monitoring

Created when an attribute is added to an ADAM (AD LDS) object’s auditing scope in Change Auditor.

Low

Attribute Added to ADAM Protection

Created when an attribute is added to an ADAM (AD LDS) protection template.

Medium

Attribute Added to Monitoring

Created when an attribute is added to a directory object’s auditing scope in Change Auditor.

Low

Attribute Removed from Active Directory Protection

Created when an attribute is removed from an Active Directory protection template.

Medium

Attribute Removed from ADAM Monitoring

Created when an attribute is removed from an ADAM (AD LDS) object’s auditing scope in Change Auditor.

Low

Attribute Removed from ADAM Protection

Created when an attribute is removed from an ADAM (AD LDS) protection template.

Medium

Attribute Removed from Monitoring

Created when an attribute is removed from an object’s auditing scope in Change Auditor.

Low

Attribute Severity Changed

Created when the severity for an attribute is changed on the Attribute Auditing page in the Administration Tasks tab.

Low

Audit Event Description Changed

Created when the description is changed for a Change Auditor audited event.

Low

Audit Event Disabled

Created when an event is disabled.

Low

Audit Event Enabled

Created when an event is enabled.

Low

Audit Event Results Changed

Created when the results setting for an audit event is changed on the Audit Events page.

Low

Audit Event Severity Changed

Created when the severity level for a Change Auditor audit event is changed.

Low

Auditing Disabled for EMC Path

Created when auditing of an individual audit path (i.e., file, folder or volume) is disabled in an EMC Auditing template.

Medium

Auditing Disabled for File System Path

Created when auditing of an individual file path is disabled in a File System Auditing template.

Medium

Auditing disabled for FluidFS volume

Created when auditing of a volume is disabled in a Fluid File System Auditing template.

Medium

Auditing Disabled for NetApp Path

Created when auditing of an individual audit path (i.e., file, folder or volume) is disabled in a NetApp Auditing template.

Medium

Auditing Disabled for Registry Object

Created when auditing of an individual registry object is disabled in a Registry Auditing template.

Medium

Auditing Disabled for Service

Created when auditing of an individual service is disabled in a Service Auditing template.

Medium

Auditing Disabled for SharePoint Path

Created when auditing of an individual SharePoint path is disabled in a SharePoint Auditing template.

Medium

Auditing Disabled for SQL Instance

Created when auditing of an individual SQL instance is disabled in a SQL Auditing template.

Medium

Auditing Enabled for EMC Path

Created when auditing of an individual audit path (i.e., file, folder or volume) is enabled in an EMC Auditing template.

Medium

Auditing Enabled for File System Path

Created when auditing of an individual file path is enabled in a File System Auditing template.

Medium

Auditing Enabled for FluidFS volume

Created when auditing of a volume is enabled in a Fluid File System Auditing template.

Medium

Auditing Enabled for NetApp Path

Created when auditing of an individual audit path (i.e., file, folder or volume) is enabled in a NetApp Auditing template.

Medium

Auditing Enabled for Registry Object

Created when auditing of an individual registry object is enabled in a Registry Auditing template.

Medium

Auditing Enabled for Service

Created when auditing of an individual service is enabled in a Service Auditing template.

Medium

Auditing Enabled for SharePoint Path

Created when auditing of an individual SharePoint path is enabled in a SharePoint Auditing template.

Medium

Auditing Enabled for SQL Instance

Created when auditing of an individual SQL instance is enabled in a SQL Auditing template.

Medium

Authentication options changed

Created when the client authentication mode has been changed.

High

Authorized account added to reporting services template

Created when an authorized account is added to a SQL Reporting Services template.

Medium

Authorized account removed from reporting services template

Created when an authorized account is removed from a SQL Reporting Services template.

Medium

Azure Active Directory audit logs auditing disabled

Created when Azure Active Directory audit log auditing is disabled.

Medium

Azure Active Directory audit logs auditing enabled

Created when Azure Active Directory audit log auditing is enabled.

Medium

Azure Active Directory auditing template added

Created when an Azure Active Directory auditing template is added.

Medium

Azure Active Directory auditing template enabled

Created when an Azure Active Directory auditing template is enabled.

Medium

Azure Active Directory auditing template disabled

Created when an Azure Active Directory auditing template is disabled.

Medium

Azure Active Directory auditing template modified

Created when an Azure Active Directory auditing template is modified.

Medium

Azure Active Directory auditing template removed

Created when an Azure Active Directory auditing template is removed.

Medium

Azure Active Directory sign-ins auditing disabled

Created when Azure Active Directory sign-ins auditing is disabled.

Medium

Azure Active Directory sign-ins auditing enabled

Created when Azure Active Directory sign-ins auditing is enabled.

Medium

Azure Active Directory web application created

Created when an Azure AD web application is created on an Azure tenant.

Medium

Azure Active Directory web application and the Change Auditor agent were modified or reset in auditing template

Created when an Azure Active Directory web application and the Change Auditor agent were modified or reset in an auditing template.

Medium

Azure Active Directory web application modified or reset in auditing template

Created when an Azure web application or application key is changed in an Azure AD template.

Medium

Change Auditor Agent Restarted

Created when a Change Auditor agent is restarted.

Medium

Change Auditor Agent Set Uninstalled

Created when a Change Auditor agent is set as ‘uninstalled’.

Medium

Change Auditor Agent Started

Created when a Change Auditor agent is started.

Medium

Change Auditor Agent Stopped

Created when a Change Auditor agent is stopped.

Medium

Change Auditor Coordinator Set Uninstalled

Created when a Change Auditor coordinator is set as ‘uninstalled’.

Medium

Change Auditor PowerShell Client Logon

Created when a user logs on to Change Auditor using a Change Auditor PowerShell command to create a connection.

Low

Change Auditor SDK Client Logon

Created when an application logs on to Change Auditor using the Change Auditor SDK.

Low

Change Auditor Unknown Client Logon

Created when an unknown client type logs on to Change Auditor using Web Services.

High

Change Auditor Web Client Logon

Created when a user logs on to the Change Auditor web client.

Low

Change Auditor Windows Client Logon

Created when a user logs on to the Change Auditor Windows client.

Low

Client connectivity disconnect option disabled

Created when the “Disconnect all clients after 30 minutes of inactivity” option is disabled.

Low

Client connectivity disconnect option enabled

Created when the “Disconnect all clients after 30 minutes of inactivity” option is enabled.

Low

Email Reply To Changed

Created when the Reply To address is changed in the SMTP Configuration pane of the Coordinator Configuration page.

Low

Email Subject Changed

Created when the Email Subject line is changed in the SMTP Configuration pane of the Coordinator Configuration page.

Low

EMC Auditing cepp.conf Changed

Created when the cepp.conf configuration file is changed using the EMC Auditing wizard.

Medium

EMC Auditing Template Added

Created when a new EMC Auditing template is added to Change Auditor.

Medium

EMC Auditing Template Disabled

Created when an EMC Auditing template is disabled.

Medium

EMC Auditing Template Enabled

Created when an EMC Auditing template is enabled.

Medium

EMC Auditing Template Removed

Created when an EMC Auditing template is removed from Change Auditor.

Medium

EMC Path Added to Auditing Template

Created when an audit path (i.e., file, folder or volume) is added to an EMC Auditing template.

Medium

EMC Path Changed in Auditing Template

Created when an audit path (i.e., file, folder or volume) is changed in an EMC Auditing template.

Medium

EMC Path Removed from Auditing Template

Created when an audit path (i.e., file, folder or volume) is removed from an EMC Auditing template.

Medium

Event Logging Changed

Created when event logging is modified (enabled or disabled) in Change Auditor.

Low

Exchange Container Added to Protection Template

Created when an Exchange container is added to an Exchange Mailbox Protection template.

Medium

Exchange Container Removed from Protection Template

Created when an Exchange container is removed from an Exchange Mailbox Protection template.

Medium

Exchange Mailbox Added to Monitoring

Created when an Exchange mailbox is added to the Exchange Mailbox Auditing list.

Low

Exchange Mailbox Attribute Changed

Created when the scope of coverage or the Non-owner vs. Non-owner or Owner value is changed for a directory object that is included in the Exchange Mailbox Auditing list.

Low

Exchange Mailbox Disabled

Created when the auditing of a directory object’s mailbox is disabled in the Exchange Mailbox Auditing list.

Low

Exchange Mailbox Enabled

Created when the auditing of a directory object’s mailbox is enabled in the Exchange Mailbox Auditing list.

Low

Exchange Mailbox Removed from Monitoring

Created when an Exchange mailbox is removed from the Exchange Mailbox Auditing list.

Low

Exchange Password Changed

Created when the password associated with the Exchange host specified in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

Exchange Protection Template Added

Created when an Exchange Mailbox Protection template is added to Change Auditor.

Medium

Exchange Protection Template Disabled

Created when an Exchange Mailbox Protection template is disabled.

Medium

Exchange Protection Template Enabled

Created when an Exchange Mailbox Protection template is enabled.

Medium

Exchange Protection Template Removed

Created when an Exchange Mailbox Protection template is removed from Change Auditor.

Medium

Exchange Shared Mailbox Auto Detection Disabled

Created when the automatic detection of shared mailboxes feature is disabled in Change Auditor.

Low

Exchange Shared Mailbox Auto Detection Enabled

Created when the automatic detection of shared mailboxes feature is enabled in Change Auditor.

Low

Exchange User Defined Shared Mailbox Added

Created when a shared mailbox is added to the Exchange Mailbox Auditing list.

Low

Exchange User Defined Shared Mailbox Attribute Changed

Created when the scope of coverage or the Non-owner vs. Non-owner or Owner value is modified for a shared mailbox that is included in the Exchange Mailbox auditing list.

Low

Exchange User Defined Shared Mailbox Disabled

Created when the auditing of a shared mailbox is disabled in the Exchange Mailbox Auditing list.

Low

Exchange User Defined Shared Mailbox Enabled

Created when the auditing of a shared mailbox is enabled in the Exchange Mailbox Auditing list.

Low

Exchange User Defined Shared Mailbox Removed

Created when a shared mailbox is removed from the Exchange Mailbox Auditing list.

Low

Excluded Account Added to Exclusion Accounts List

Created when an excluded account is added to the Change Auditor auditing scope.

Low

Excluded Account Event Class Added to Monitoring

Created when a new event is added to an Excluded Accounts template.

Low

Excluded Account Event Class Removed from Monitoring

Created when an event is removed from an Excluded Accounts template.

Low

Excluded Account Facility Added to Monitoring

Created when a facility (including all of the events in the facility) is added to an Excluded Accounts template.

Low

Excluded Account Facility Removed from Monitoring

Created when a facility (including all of the events in the facility) is removed from an Excluded Accounts template.

Low

Excluded Account Removed from Exclusion Accounts List

Created when an excluded account is removed from the Change Auditor auditing scope.

Low

Excluded Account Template Added

Created when an Excluded Accounts template is added to Change Auditor.

High

Excluded Account Template Added to Agent Configuration

Created when an Excluded Accounts template is added to an agent configuration definition in Change Auditor.

High

Excluded Account Template Removed

Created when an Excluded Accounts template is removed from Change Auditor.

High

Excluded Account Template Removed From Agent Configuration

Created when an Excluded Accounts template is removed from an agent configuration in Change Auditor.

High

File Protection Template Added to Agent Configuration

Created when a File System Protection template is added to an agent configuration definition.

Low

File System Auditing Template Added

Created when a File System Auditing template is added to Change Auditor.

Medium

File System Auditing Template Added to Agent Configuration

Created when a File System Auditing template is added to an agent configuration definition in Change Auditor.

Low

File System Auditing Template Disabled

Created when a File System Auditing template is disabled.

Medium

File System Auditing Template Enabled

Created when a File System Auditing template is enabled.

Medium

File System Auditing Template Removed

Created when a File System Auditing template is removed from Change Auditor.

Medium

File System Auditing Template Removed from Agent Configuration

Created when a File System Auditing template is removed from an agent configuration definition.

Low

File System Path Added to Auditing Template

Created when a file path is added to a File System Auditing template.

Medium

File System Path Added to Protection Template

Created when a file path is added to a File System Protection template.

Medium

File System Path Changed in Auditing Template

Created when a file path is changed in a File System Auditing template.

Medium

File System Path Changed in Protection Template

Created when a file system path is changed in a File System Protection template.

Medium

File System Path Removed from Auditing Template

Created when a file path is removed from a File System Auditing template.

Medium

File System Path Removed from Protection Template

Created when a file path is removed from a File System Protection template.

Medium

File System Protection Template Added

Created when a File System Protection template is added to Change Auditor.

Medium

File System Protection Template Disabled

Created when a File System Protection template is disabled.

Medium

File System Protection Template Enabled

Created when a File System Protection template is enabled.

Medium

File System Protection Template Removed

Created when a File System Protection template is removed from Change Auditor.

Medium

File System Protection Template Removed from Agent Configuration

Created when a File System Protection template is removed from an agent configuration definition.

Low

FluidFS auditing template added

Created when a Fluid File System template is added to Change Auditor.

Medium

FluidFS auditing template enabled

Created when a Fluid File System template is enabled in Change Auditor.

Medium

FluidFS auditing template disabled

Created when a Fluid File System template is disabled in Change Auditor.

Medium

FluidFS auditing template removed

Created when a Fluid File System template is removed from Change Auditor.

Medium

FluidFS volume changed in auditing template

Created when changes are made to a volume that is included in a Fluid File System template.

Medium

FluidFS volume added to auditing template

Created when a volume is added to a Fluid File System template.

Medium

FluidFS volume removed from auditing template

Created when a volume is removed from a Fluid File System template.

Medium

Group Added for Group Membership Expansion

Created when a group is added to the group membership expansion list on the Coordinator Configuration page in Change Auditor.

Low

Group Added to "Member Of Group" Monitoring

Created when a group is added to the Member of Group Auditing list.

Low

Group Membership Expansion Changed

Created when the group membership expansion option is changed on the Coordinator Configuration page in Change Auditor.

Low

Group Policy Added to Protection Template

Created when a group policy is added to a Group Policy Protection template.

Medium

Group Policy Changed in Protection Template

Created when a group policy is changed in a Group Policy Protection template.

Medium

Group Policy Protection Template Added

Created when a Group Policy Protection template is added to Change Auditor.

Medium

Group Policy Protection Template Disabled

Created when a Group Policy Protection template is disabled.

Medium

Group Policy Protection Template Enabled

Created when a Group Policy Protection template is enabled.

Medium

Group Policy Protection Template Removed

Created when a Group Policy Protection template is removed from Change Auditor.

Medium

Group Policy Removed from Protection Template

Created when a group policy is removed from a Group Policy Protection template.

Medium

Group Removed from Group Membership Expansion

Created when a group is removed from the group membership expansion list on the Coordinator Configuration page in Change Auditor.

Low

Group Removed from "Member Of Group" Monitoring

Created when a group is removed from the Member of Group Auditing list.

Low

Host Added to VMware Auditing Template

Created when a host is added to a VMware Auditing template.

Medium

Host Removed from VMware Auditing Template

Created when a host is removed from a VMware Auditing template.

Medium

Licensed seats exceeded

Created when an installed Change Auditor license is exceeded. The event is generated on coordinator startup and every 24 hours after that when the license count is exceeded.

Medium

Monitoring Point Added

Created when an additional (custom) Active Directory object is added to the Change Auditor auditing scope.

Low

Monitoring Point Removed

Created when an additional (custom) Active Directory object or object class is removed from the Change Auditor auditing scope.

Low

Monitoring Scope Disabled

Created when the auditing of a directory object is disabled on the Active Directory Auditing page.

Low

Monitoring Scope Enabled

Created when the auditing of a directory object is enabled on the Active Directory Auditing page.

Low

NetApp Auditing Template Added

Created when a new NetApp Auditing template is added to Change Auditor.

Medium

NetApp Auditing Template Disabled

Created when a NetApp Auditing template is disabled.

Medium

NetApp Auditing Template Enabled

Created when a NetApp Auditing template is enabled.

Medium

NetApp Auditing Template Removed

Created when a NetApp Auditing template is removed from Change Auditor.

Medium

NetApp Path Added to Auditing Template

Created when an audit path (i.e., file, folder or volume) is added to a NetApp Auditing template.

Medium

NetApp Path Changed in Auditing Template

Created when an audit path is changed in a NetApp Auditing template.

Medium

NetApp Path Removed from Auditing Template

Created when an audit path (i.e., file, folder or volume) is removed from a NetApp Auditing template.

Medium

Object Added to Active Directory Protection Template

Created when an object is added to an Active Directory Protection template.

Medium

Object Added to ADAM Protection Template

Created when an object is added to an ADAM (AD LDS) Protection template.

Medium

Object Changed in Active Directory Protection Template

Created when an object is modified in an Active Directory Protection template.

Medium

Object Changed in ADAM Protection Template

Created when an object is modified in an ADAM (AD LDS) Protection template.

Medium

Object Removed from Active Directory Protection Template

Created when an object is removed from an Active Directory Protection template.

Medium

Object Removed from ADAM Protection Template

Created when an object is removed from an ADAM (AD LDS) Protection template.

Medium

Office 365 auditing template added

Created when an Office 365 auditing template is added to Change Auditor.

Medium

Office 365 auditing template agent changed

Created when the agent for an existing Office 365 auditing template is changed. The event details include the old and new agent FQDN.

Medium

Office 365 auditing template disabled

Created when an Office 365 auditing template is disabled.

Medium

Office 365 auditing template enabled

Created when an Office 365 auditing template is enabled.

Medium

Office 365 auditing template removed

Created when an Office 365 auditing template is removed from Change Auditor.

Medium

Office 365 auditing web application changed

Created when the web application is changed for an existing Office 365 template. The event details display the old and new web application ID GUID.

Medium

Office 365 auditing web application key changed

Created when the web application key is changed for an existing Office 365 template.

Medium

Office 365 Exchange Online “All mailboxes for non-owner events” auditing setting disabled

Created when the “All mailboxes for non-owner events” auditing setting is disabled in an existing Office 365 auditing template.

Medium

Office 365 Exchange Online “All mailboxes for non-owner events” auditing setting enabled

Created when the “All mailboxes for non-owner events” auditing setting is enabled in an existing Office 365 auditing template.

Medium

Office 365 Exchange Online administrative activity auditing setting disabled

Created when the Administrative Activity setting is disabled for an existing Office 365 template.

Medium

Office 365 Exchange Online administrative activity auditing setting enabled

Created when the Administrative Activity setting is enabled for an existing Office 365 template.

Medium

Office 365 Exchange Online auditing configuration account changed

Created when the Exchange Administration account used to configure an existing Office 365 auditing template is changed.

Medium

Office 365 Exchange Online auditing configuration account password changed

Created when the Exchange Administration account password used to configure auditing for an existing Office 365 auditing template is changed.

Medium

Office 365 Exchange Online auditing disabled

Created when Exchange Online is disabled in an Office 365 auditing template.

Medium

Office 365 Exchange Online auditing enabled

Created when Exchange Online is enabled in an Office 365 auditing template.

Medium

Office 365 Exchange Online mailbox added to auditing template

Created when a mailbox is added to an existing Office 365 auditing template.

Medium

Office 365 Exchange Online mailbox auditing configuration changed by an external application

Created when the following auditing parameters (AuditEnabled, AuditOwner, AuditAdministrator, AuditDelegate) are changed by an application other than Change Auditor. The configuration for the tenant will be reset to settings in the Office 365 auditing template.

High

Office 365 Exchange Online mailbox auditing configuration failure

Created (at most once every 8 hours) when errors occur trying to reconfigure the auditing properties of an Office 365 Exchange Online mailbox. This typically indicates that the mailbox has been deleted since being added to the auditing template.

High

Office 365 Exchange Online mailbox auditing type changed

Created when the type of activity to audit for a mailbox has changed in a template.

Medium

Office 365 Exchange Online mailbox removed from auditing template

Created when a mailbox is removed from an existing Office 365 auditing template.

Medium

Office 365 OneDrive for Business auditing disabled

Created when OneDrive for Business is disabled in an Office 365 auditing template.

Medium

Office 365 OneDrive for Business auditing enabled

Created when OneDrive for Business is enabled in an Office 365 auditing template.

Medium

Office 365 SharePoint Online auditing disabled

Created when SharePoint Online is disabled in an Office 365 auditing template.

Medium

Office 365 SharePoint Online auditing enabled

Created when SharePoint Online is enabled in an Office 365 auditing template.

Medium

Override Account Added to Active Directory Protection Template

Created when an override account is added to an Active Directory Protection template.

Medium

Override Account Added to ADAM Protection Template

Created when an override account is added to an ADAM Protection template.

Medium

Override Account Added to Exchange Protection Template

Created when an override account is added to an Exchange Protection template.

Medium

Override Account Added to File System Protection Template

Created when an override account is added to a File System Protection template.

Medium

Override Account Added to Group Policy Protection Template

Created when an override account is added to a Group Policy Protection template.

Medium

Override Account Removed from Active Directory Protection Template

Created when an override account is removed from an Active Directory Protection template.

Medium

Override Account Removed from ADAM Protection Template

Created when an override account is removed from an ADAM Protection template.

Medium

Override Account Removed from Exchange Protection Template

Created when an override account is removed from an Exchange Protection template.

Medium

Override Account Removed from File System Protection Template

Created when an override account is removed from a File System Protection template.

Medium

Override Account Removed from Group Policy Protection Template

Created when an override account is removed from a Group Policy Protection template.

Medium

Override Accounts Active Directory Protection Template Allow

Created when the override accounts in an Active Directory protection template are set to allow (specifying that accounts are to be excluded from protection).

Medium

Override Accounts Active Directory Protection Template Deny

Created when the override accounts in an Active Directory protection template are set to deny (specifying that accounts are to be included in protection).

Medium

Override Accounts ADAM Protection Template Allow

Created when the override accounts in an ADAM protection template are set to allow (specifying that accounts are to be excluded from protection).

Medium

Override Accounts ADAM Protection Template Deny

Created when the override accounts in an ADAM protection template are set to deny (specifying that accounts are to be included in protection).

Medium

Override Accounts Exchange Protection Template Allow

Created when the override accounts in an Exchange protection template are set to allow (specifying that accounts are to be excluded from protection).

Medium

Override Accounts Exchange Protection Template Deny

Created when the override accounts in an Exchange protection template are set to deny (specifying that accounts are to be included in protection).

Medium

Override Accounts File System Protection Template Allow

Created when the override accounts in a File System protection template are set to allow (specifying that accounts are to be excluded from protection).

Medium

Override Accounts File System Protection Template Deny

Created when the override accounts in a File System protection template are set to deny (specifying that accounts are to be included in protection).

Medium

Override Accounts Group Policy Protection Template Allow

Created when the override accounts in a Group Policy protection template are set to allow (specifying that accounts are to be excluded from protection).

Medium

Override Accounts Group Policy Protection Template Deny

Created when the override accounts in a Group Policy protection template are set to deny (specifying that accounts are to be included in protection).

Medium

Private Report Disabled

Created when reporting is disabled for a private search query (that is, a search created in a user’s Private folder) using the Private Alerts and Reports page on the Administration Tasks tab.

Low

Private User Alert Disabled

Created when an alert is disabled for a private search query (that is, a search created in a user’s Private folder) using the Private Alerts and Reports page on the Administration Tasks tab.

Low

Process Added to File System Auditing

Created when a process is added to a File System Auditing template.

Medium

Process Removed from File System Auditing

Created when a process is removed from a File System Auditing template.

Medium

Protection Disabled for Active Directory Object

Created when protection for an Active Directory object is disabled in an Active Directory Protection template.

Medium

Protection Disabled for ADAM Object

Created when protection for an ADAM (AD LDS) object is disabled in an ADAM (AD LDS) Protection template.

Medium

Protection Disabled for File System Path

Created when protection for a file path is disabled in a File System Protection template.

Medium

Protection Enabled for Active Directory Object

Created when protection for an Active Directory object is enabled in an Active Directory Protection template.

Medium

Protection Enabled for ADAM Object

Created when protection for an ADAM (AD LDS) object is enabled in an Active Directory Protection template.

Medium

Protection Enabled for File System Path

Created when protection for a file path is enabled in a File System Protection template.

Medium

Protection for Exchange Container Disabled

Created when protection for an Exchange mailbox is disabled in an Exchange Mailbox Protection template.

Medium

Protection for Exchange Container Enabled

Created when protection for an Exchange mailbox is enabled in an Exchange Mailbox Protection template.

Medium

Protection for Group Policy Disabled

Created when protection for a group policy object is disabled in a Group Policy Protection template.

Medium

Protection for Group Policy Enabled

Created when protection for a group policy object is enabled in a Group Policy Protection template.

Medium

Public Report Disabled

Created when reporting is disabled for a shared search query (that is, a search in a Shared folder).

Low

Public Report Enabled

Created when reporting is enabled for a shared search query (that is, a search in a Shared folder).

Low

Public User Alert Changed

Created when an alert is changed in Change Auditor for a shared search query (that is, a search in a Shared folder).

Low

Public User Alert Disabled

Created when an alert is disabled in Change Auditor for a shared search query (that is, a search in a Shared folder).

Low

Public User Alert Enabled

Created when an alert is enabled in Change Auditor for a shared search query (that is, a search in a Shared folder).

Low

Public User Search Created

Created when a public user search is created in Change Auditor.

Low

Public User Search Deleted

Created when a public user search is deleted from Change Auditor.

Low

Public User Search Modified

Created when a public user search is modified in Change Auditor.

Low

Purge Job Added

Created when a scheduled purge job is added.

Medium

Purge Job Changed

Created when a scheduled purge job is modified.

Medium

Purge Job Disabled

Created when a scheduled purge job is disabled.

Medium

Purge Job Enabled

Created when a scheduled purge job is enabled.

Medium

Purge Job Removed

Created when a scheduled purge job is deleted.

Medium

Purge and Archive Job Added

Created when a scheduled purge and archive job is added.

Medium

Purge and Archive Job Changed

Created when a scheduled purge and archive job is modified.

Medium

Purge and Archive Job Disabled

Created when a scheduled purge and archive job is disabled.

Medium

Purge and Archive Job Enabled

Created when a scheduled purge and archive job is enabled.

Medium

Purge and Archive Job Removed

Created when a scheduled purge and archive job is deleted from the Purge Jobs page on the Administration Tasks tab.

Medium

Refresh Frequency for Group Membership Changed

Created when the Refresh Group Membership Every nnn Minutes setting is changed on the Coordinator Configuration page in Change Auditor.

Low

Refresh Frequency for the List of Expanded Groups Changed

Created when the Refresh the List of Expanded Groups Every nnn Minutes setting is changed on the Coordinator Configuration page in Change Auditor.

Low

Registry Auditing Template Added

Created when a Registry Auditing template is added to Change Auditor.

Medium

Registry Auditing Template Added to Agent Configuration

Created when a Registry Auditing template is added to an agent configuration definition.

Low

Registry Auditing Template Disabled

Created when a Registry Auditing template is disabled.

Medium

Registry Auditing Template Enabled

Created when a Registry Auditing template is enabled.

Medium

Registry Auditing Template Removed

Created when a Registry Auditing template is removed from Change Auditor.

Medium

Registry Auditing Template Removed from Agent Configuration

Created when a Registry Auditing template is removed from an agent configuration definition.

Low

Registry Object Added to Auditing Template

Created when a registry object is added to a Registry Auditing template.

Medium

Registry Object Changed in Auditing Template

Created when a registry object is changed in a Registry Auditing template.

Medium

Registry Object Removed from Auditing Template

Created when a registry object is removed from a Registry Auditing template.

Medium

Report Layout Added

Created when a report layout is added to the Report Layouts page on the Administration Tasks tab.

Medium

Report Layout Changed

Created when a report layout is modified.

Medium

Report Layout Removed

Created when a report layout is deleted from the Report Layouts page on the Administration Tasks tab.

Medium

SDK Agent Added

Created when an agent (machine where the audit event occurred) is added using the software development kit.

Medium

SDK Event Class Added

Created when a new user-defined event class (type of audit event) is added to Change Auditor using the software development kit.

Medium

SDK Event Class Modified

Created when a user-defined event class is modified using the software development kit.

Medium

SDK Event Class Removed

Created when a user-defined event class is removed from Change Auditor using the software development kit.

Medium

SDK Facility Added

Created when a new user-defined facility (category of an event class) is added to Change Auditor using the software development kit.

Medium

SDK Facility Modified

Created when a user-defined facility is modified (e.g., new events are added or removed) using the software development kit.

Medium

SDK Facility Removed

Created when a user-defined facility is removed from Change Auditor using the software development kit.

Medium

SDK Machine Added

Created when a workgroup server (machine where the audit event occurred) is added using the software development kit. (Used in ADAM (AD LDS) configurations only.)

Medium

Service Added to Auditing Template

Created when a service is added to a Service Auditing template.

Medium

Service Auditing Template Added

Created when a Service Auditing template is added to Change Auditor.

Medium

Service Auditing Template Added to Agent Configuration

Created when a Service Auditing template is added to an agent configuration definition.

Low

Service Auditing Template Changed

Created when a Service Auditing template is modified.

Medium

Service Auditing Template Disabled

Created when a Service Auditing template is disabled.

Medium

Service Auditing Template Enabled

Created when a Service Auditing template is enabled.

Medium

Service Auditing Template Removed

Created when a Service Auditing template is removed from Change Auditor.

Medium

Service Auditing Template Removed from Agent Configuration

Created when a Service Auditing template is removed from an agent configuration definition.

Low

Service Removed from Auditing Template

Created when a service is removed from a Service Auditing template.

Medium

SharePoint Auditing Template Added

Created when a SharePoint Auditing template is added in Change Auditor.

Medium

SharePoint Auditing Template Disabled

Created when a SharePoint Auditing template is disabled.

Medium

SharePoint Auditing Template Enabled

Created when a previously disabled SharePoint Auditing template is enabled.

Medium

SharePoint Auditing Template Removed

Created when a SharePoint Auditing template is removed from Change Auditor.

Medium

SharePoint Event Added

Created when a SharePoint event is added to a SharePoint Auditing template.

Medium

SharePoint Event Removed

Created when a SharePoint event is removed from a SharePoint Auditing template.

Medium

SharePoint Facility Added

Created when a SharePoint facility is added to a SharePoint Auditing template.

Medium

SharePoint Facility Removed

Created when a SharePoint facility is removed from a SharePoint Auditing template.

Medium

SharePoint Path Added to Auditing Template

Created when a SharePoint path is added to a SharePoint Auditing template.

Medium

SharePoint Path Changed in Auditing Template

Created when a SharePoint path is modified in a SharePoint Auditing template.

Medium

SharePoint Path Removed From Auditing Template

Created when a SharePoint path is removed from a SharePoint Auditing template.

Medium

Skype for Business auditing template added

Created when a Skype for Business auditing template is added to Change Auditor.

Medium

Skype for Business auditing template modified

Created when a Skype for Business auditing template is modified.

Medium

Skype for Business auditing template removed

Created when a Skype for Business auditing template is removed from Change Auditor.

Medium

Skype for Business auditing template enabled

Created when a Skype for Business auditing template is enabled in Change Auditor.

Medium

Skype for Business auditing template disabled

Created when a Skype for Business auditing template is disabled in Change Auditor.

Medium

SMTP Alerting Disabled

Created when the Enable SMTP for Alerts and Reporting check box is cleared in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Email Format Changed

Created when the email format (Plain Text or HTML) used for SMTP notifications is changed in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Enabled

Created when the Enable SMTP for Alerts and Reporting check box is selected in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting From Address Changed

Created when the From Address used for SMTP notifications is changed in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Server Authentication Disabled

Created when the My Server Requires Authentication check box is cleared in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Server Authentication Enabled

Created when the My Server Requires Authentication check box is selected in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Server Changed

Created when the mail server used for SMTP alerting and reporting is changed in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Alerting Server Password Changed

Created when the password associated with the mail server specified in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Alerting Server Username Changed

Created when the account name associated with the mail server specified in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Lookup Exchange Account Changed

Created when the account name associated with the Exchange host specified in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Lookup Exchange Authorization Disabled

Created when the My Host Requires Authentication check box is cleared in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Lookup Exchange Authorization Enabled

Created when the My Host Requires Authentication check box is selected in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Lookup Exchange Email Changed

Created when the email address associated with the Exchange host in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Lookup Exchange Host Changed

Created when the Exchange host in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Lookup Exchange Password Changed

Created when the password associated with the Exchange host specified in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Lookup Exchange Version Changed

Created when the version number associated with the Exchange host in the SMTP Configuration pane of the Coordinator Configuration page is modified.

Low

SMTP Ssl Disabled

Created when the Enable SSL check box is cleared in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SMTP Ssl Enabled

Created when the Enable SSL check box is selected in the SMTP Configuration pane of the Coordinator Configuration page.

Low

SQL Auditing Template Added

Created when a new SQL Auditing template is added to Change Auditor.

Medium

SQL Auditing Template Added to Agent Configuration

Created when a SQL Auditing template is added to an agent configuration definition.

Low

SQL Auditing Template Disabled

Created when a SQL Auditing template is disabled.

Medium

SQL Auditing Template Enabled

Created when a SQL Auditing template is enabled.

Medium

SQL Auditing Template Removed

Created when a SQL Auditing template is removed from Change Auditor.

Medium

SQL Auditing Template Removed from Agent Configuration

Created when a SQL Auditing template is removed from an agent configuration definition.

Low

SQL Data Level Auditing Template Added

Created when a new SQL Data Level Auditing template is created.

Medium

SQL Data Level Auditing Template Deleted

Created when a SQL Data Level Auditing template is removed.

Medium

SQL Data Level Auditing Template Enabled

Created when a SQL Data Level Auditing template is enabled.

Medium

SQL Data Level Auditing Template Disabled

Created when a SQL Data Level Auditing template is disabled.

Medium

SQL Data Level Auditing Template Modified

Created when a SQL Data Level Auditing template is modified.

Medium

SQL Event Added

Created when a SQL event is added to a SQL Auditing template.

Medium

SQL Event Removed

Created when a SQL event is removed from a SQL Auditing template.

Medium

SQL Facility Added

Created when a SQL facility is added to a SQL Auditing template.

Medium

SQL Facility Removed

Created when a SQL facility is removed from a SQL Auditing template.

Medium

SQL Filter Added

Created when a SQL filter is added to a SQL Auditing template.

Medium

SQL Filter Removed

Created when a SQL filter is removed from a SQL Auditing template.

Medium

SQL Instance Added

Created when a SQL instance is added to a SQL Auditing template.

Medium

SQL Instance Removed

Created when a SQL instance is removed from a SQL Auditing template.

Medium

SQL Reporting Services template added

Created when a SQL Reporting Services template is added to Change Auditor.

Medium

SQL Reporting Services template disabled

Created when a SQL Reporting Services template is disabled.

Medium

SQL Reporting Services template enabled

Created when a SQL Reporting Services template is enabled.

Medium

SQL Reporting Services template removed

Created when a SQL Reporting Services template is removed from Change Auditor.

Medium

SRS URL added to reporting services template

Created when an SRS URL is added to a SQL Reporting Services template.

Medium

SRS URL attribute changed

Created when an SRS URL attribute is modified in a SQL Reporting Services template.

Low

The Number of Groups to Expand per Cycle Changed

Created when the Number of Groups to Expand Every 5-Minute Cycle setting is changed on the Coordinator Configuration page in Change Auditor.

Low

VMware Auditing Template Added

Created when a VMware Auditing template is added to Change Auditor.

Medium

VMware Auditing Template Disabled

Created when a VMware Auditing template is disabled.

Medium

VMware Auditing Template Enabled

Created when a previously disabled VMware Auditing template is enabled.

Medium

VMware Auditing Template Removed

Created when a VMware Auditing template is removed from Change Auditor.

Medium

Custom Registry Monitoring

Binary Registry Value Added

Created when a binary value is added to a registry key.

Medium

Binary Registry Value Changed

Created when a binary value is changed in a registry key.

Medium

Binary Registry Value Deleted

Created when a binary value is deleted from a registry key.

Medium

Numeric Registry Value Added

Created when a numeric value is added to a registry key.

Medium

Numeric Registry Value Changed

Created when a numeric value is changed in a registry key.

Medium

Numeric Registry Value Deleted

Created when a numeric value is deleted from a registry key.

Medium

Registry Key Added

Created when a registry key is added.

Medium

Registry Key DACL Changed

Created when the DACL for a registry key is modified.

Medium

Registry Key Deleted

Created when a registry key is deleted.

Medium

Registry Key Owner Changed

Created when the owner of a registry key is modified.

Medium

Registry Key SACL Changed

Created when the SACL for a registry key is modified.

Medium

String Registry Value Added

Created when a string value is added to the registry key.

Medium

String Registry Value Changed

Created when a string value is changed in the registry key.

Medium

String Registry Value Deleted

Created when a string value is deleted from the registry key.

Medium
