Change Auditor 7.4 - User Guide


	NOTE: The settings set on this page are global settings and apply to all alert/report emails. For alerts you can override the reply to, alert subject, signature and body content for individual search queries using the settings on the Alert tab (Search Properties tabs). For reports, you can override the To and Reply addresses, specify carbon copy (Cc and Bcc) recipients, and modify the subject line for individual search queries using the Report tab (Search Properties tabs).

To enable and configure email notifications/reports:

Open the Administration Tasks page and click Configuration at the bottom of the navigation pane (left pane).

Select Coordinator in the Configuration task list to open the Coordinator Configuration page.

On the Email Alerts Configuration pane, specify the required information.

Table 1. Email Alerts Configuration pane options

Field/Control

Description

Disabled

Select to disable email notifications.

SMTP

Select this to enable SMTP email alert notifications and reporting. When this option is selected, you can specify a mail server and authentication options for the SMTP email configuration.

•

Server Requires Authentication : Select this check box if the specified email server requires authentication and enter the account information as described below.

•

Enable SSL : Select this check box to enable Secure Socket Layer (SSL) encryption protocol to create a secure connection for transmitting data from the email server.

•

Requires Comma-Separated Addresses: Select this option if your SMTP server requires comma separated addresses when multiple recipients are specified.

•

Mail Server: When SMTP is enabled for alerts and reporting, enter the name or IP address of the email server in this text box.

To configure a specific SMTP port, append the email server (SMTP server name or IP address) with a colon and the required port.

Change Auditor sends alerts/reports through a single SMTP (email) relay configuration even when multiple coordinators are configured. That is, all coordinators will use the same email server for sending alert notifications and reports.

•

Account Name : Enter the account name required to authenticate to the specified email server. Instead of entering the account name, you can use the browse button to the far right of the Account Name field to select the account to be used. Clicking this button displays the Select Active Directory Object dialog (Directory object picker). Use the Browse or Search pages to locate the user account to be used to authenticate to the email server.

•

Password : Enter the password associated with the account name entered above. Blank passwords are not allowed.

Microsoft 365 Mail

NOTE: The web application requires Microsoft Graph application permissions (Mail.ReadWrite and Mail.Send) and must have been granted Admin consent.

Select this to enable Microsoft 365 Mail alert notifications and reporting. When this option is selected, you can specify an Azure Directory Name and web application for the email configuration.

•

Azure Directory Name: The name of the Azure Directory for Microsoft 365 Mail.

•

Application ID: The Azure web application ID. If required select Create New to create a new application. (When creating a new web application, the account provided must hold the Global Administrator role in the specified Azure Active Directory.)

•

Application Key: The Azure web application key.

From Address

NOTE: Browsing for an email address is only supported for on-premises Active Directory and Exchange.

NOTE: The From Address value must be an enabled mailbox in the specified Azure Directory when Microsoft 365 mail configuration is selected.

Enter the email address from which alert notifications and reports are to originate.

You can use the browse button to select the user whose email address is to be used for alert notifications and email reports. Clicking this button displays one of the following dialogs:

•

The Select Active Directory Objects dialog (Directory object picker) allows you to locate and select an Active Directory user. Use the Browse or Search page to locate and select an Active Directory user.

This dialog is displayed when no Exchange host is specified in the Coordinator Configuration page.

•

The Select Exchange Users dialog allows you to search for and select a mail-enabled object from the Exchange Global Access List (GAL). On the Exchange tab, enter a name or partial name, at least three characters long, and click the Search button to lookup mail-enabled objects in the GAL. On the Active Directory tab, use the Browse or Search page to locate and select an Active Directory user.

This dialog is displayed when an Exchange host is defined in the Coordinator Configuration page.

Reply To

Enter the address where replies to alert/report emails are to be sent.

You can use the browse button to select the user whose email address is to be used for alert notifications and email reports. Clicking this button displays one of the following dialogs:

•

This dialog is displayed when no Exchange host is specified in the Coordinator Configuration page.

•

The Select Exchange Users dialog allows you to search for and select a mail-enabled object from the Exchange Global Access List (GAL). On the Exchange tab, enter a name or partial name, at least three characters long, and click Search to lookup mail-enabled objects in the GAL. On the Active Directory tab, use the Browse or Search page to locate and select an Active Directory user.

This dialog is displayed when an Exchange host is defined in the Coordinator Configuration page.

Alert Subject

NOTE: This does not apply to email reports.

Enter a customized subject line to replace the default text in the subject line for alert notifications. The default subject line contains the following information:

Change Auditor %Alert_Type% from %Alert_Coordinator_Name%: %Alert_Name%

Where:

%Alert_Type% is either ‘Alert’ or ‘Smart Alert’

%Alert_Coordinator_Name% is the name of the coordinator generating the alert

%Alert_Name% is the name of the alert that fired

Click the browse button to select the variables to insert into the subject line or to reset it back to the default content. Expand the Insert Variable option to insert one or more of the following variables into the subject line:

•

ALERT_NAME

•

ALERT_TIME_SENT

•

ALERT_TYPE

•

ALERT_COORDINATOR_DOMAIN

•

ALERT_COORDINATOR_NAME

•

SMART_ALERT

•

SMART_ALERT_GROUPING

•

SMART_ALERT_OCCURRENCE

•

SMART_ALERT_PERIOD

•

SMART_ALERT_PERIOD_UNIT

•

BATCH_ID

•

EVENT_COUNT

Select Restore To Default to reset the subject line back to the default content. That is, remove any variables that were inserted.

Send Plain Text Email

Select this option to have the email notification sent in plain text format. (Default)

Send HTML Email

Select this option to have the email notification sent in HTML format.

Configure Body

Click this button to define the content of the main body, the event details and the signature to be included in your alert emails.

NOTE: The Alert Body Configuration settings do not apply to email reports. To define the content (columns) to be included in a report, use the Layout tab. In addition, you can use the Report Layouts page (Administration Tasks tab) to create customized report layout template(s) defining the header and footer information to be used in your reports.

Mailbox Search (optional)

Entering the Exchange host information allows you to lookup email recipients from the Exchange GAL in addition to Active Directory. That is, when you click a browse button on the SMTP Configuration pane, Alert Custom Email dialog or Report tab to lookup an email recipient, the Select Exchange Users dialog appears which contains both an Exchange tab and an Active Directory tab.

NOTE: Browsing for an email address is only supported for on-premises Active Directory and Exchange.

•

Exchange Host: Enter the internet host name of the Exchange email server and the Exchange version associated with the specified Exchange host.

•

Email: Enter your full email address.

•

My Host Requires Authentication : Select this check box if the specified Exchange host requires authentication and enter the account name and password.

•

Account Name : Enter the user account name used to log into your email account. You can also use the browse button to select the account to be used. Clicking this button displays the Select Active Directory Object dialog (Directory object picker). Use the Browse or Search pages to locate the user account to be used to authenticate to the Exchange host.

•

Password: Enter the password associated with the account name entered above.

Click Test Mail to test the configuration.

Once the email server configuration is verified, click Apply Changes to save the configuration.

Now that alerting/reporting is enabled and configured, you can enable email alert notifications for individual search definitions using the Alert tab (Search Properties tabs) and/or reporting for individual search definitions using the Report tab (Search Properties tabs).

Customize alert email content

In addition to the customizable fields (Reply To, Alert Subject and Signature) on the Coordinator Configuration dialog, you can use the Configure Body button to define the content to be used in the main body of your alert emails as well as the event details to be included.


	NOTE: When accessed through the Coordinator Configuration page, these settings will apply globally to all alert emails. However, if accessed through the Alert tab, these settings will apply to the selected alert only.


	NOTE: The Alert Body Configuration settings do not apply to email reports. To define the content (columns) to be included in a report, use the Layout tab. In addition, you can use the Report Layouts page (Administration Tasks tab) to create customized report layout templates defining the header and footer information to be used in your reports.

To customize alert email content:

Click Configure Body to display the Alert Body Configuration dialog.

Select the appropriate option (at the bottom of the dialog) to edit either the Plain Text (default) or the HTML representation of the alert emails.

Use the Main Body tab to enter the text to be included and define the overall layout of the alert body.

•

Select the Show Variables check box to display the variables that can be added to the main body of your email.

•

To add a variable, double-click the variable from the Variable list at the bottom of the page. You can also drag and drop a variable from the Variable list into the main body text box.


	NOTE: The event details defined in the Event Details tab are placed in the Main Body pane using the following tag: %EVENT_DETAILS%. This tag should not be removed from the Main Body tab if you want to include the event details in the alert emails.

Use the Event Details tab to specify the event details to be included. That is, you can rearrange the entries, remove entries, or modify text, etc.

•

Select the Show Variables check box to display a list of the variable that can be added to the event details of your alert email.

•

To add a variable, double-click the variable from the Variable list at the bottom of the page. You can also drag and drop a variable from the Variable list into the Event Details text box.


	NOTE: Do not modify the blue text surrounded by percent signs (such as %USERNAME%). These are tags which represent actual data retrieved from the Change Auditor event that triggered the alert. See Change Auditor Email Tags for more information on these tags and the data retrieved by each.

Use the Signature tab to define the content of the signature line to be used in alert emails.

After you have entered the body content and defined the event details and signature line to be included, select the Preview tab to view a sample email using your defined format and content.

Once defined, click OK to save your settings and close the Alert Body Configuration dialog.


	NOTE: Click Restore to Default to revert back to the default email content and format.

Shared Folder Configuration

To allow users to send reports to a shared folder, you must specify credentials to use to write reports and a default shared folder.

To configure the ability to send reports to a shared folder:

Open the Administration Tasks page and click Configuration.

Select Coordinator in the Configuration task list to open the Coordinator Configuration page.

Under Shared Folder Configuration, select Enable Shared Folder for Reporting. Checking this option activates the remaining fields on this page to define the account credentials and folder to use.

Enter the credentials (account name and password) for the coordinator to use to write the reports to a shared folder. The credentials are used to write reports to the default shared folder as well as custom shared folders specified for individual reports.

NOTE: If you are using a group Managed Service Account:

•

The account must end with '$' and the password must be blank.

•

The Windows client must be run as the administrator. (Right-click and select Run as administrator.)

•

The coordinator host must be correctly configured to retrieve the managed password for the specified group Managed Service Account.

•

Select a shared folder to use as the default when users select to enable reporting for a search. Select Test access to ensure that the folder exists and the specified account has permissions to write to it.


	NOTE: If the default shared folder path is updated, it will be used for each report that uses it.

Group Membership Expansion

The middle pane of the Coordinator Configuration page contains options which allow you to define the schedule for expanding nested membership of Active Directory groups that are referenced in searches (Who search criteria) or groups that are defined in the Member of Group feature. Group membership will be recursively enumerated in order to determine nested group membership.

Use the following options to define group membership expansion behavior:

Table 2. Coordinator Configuration page: Group membership expansion options

Options

Description

Select the groups to expand

Select one of the following options to define how you want to expand groups:

•

Expand all groups - This expands all groups in the forest. Use this only if you are using SSIS and need the freedom to make requests for any group in the forest.

•

Expand groups that are referenced in existing queries - Change Auditor must expand all groups in queries in order to get their membership. With the membership, the events for the groups can be retrieved. This is always done and cannot be disabled.

•

Expand groups that are referenced in existing queries and selected groups (default) - In addition to the groups referenced in existing queries, you have the ability to select other groups. This would be useful when you have groups that need expansion for SSIS database requests, but you do not want to burden your production system with expanding all groups in the environment.

Group Membership Expansion list

The Group Membership Expansion list box is only available when the Expand groups that are referenced in existing queries and selected groups option is selected and displays a list of the groups to be expanded. Use Add to add groups to this list box and Remove to remove groups from the list box.

Add

Use to add groups to the group membership expansion list. Clicking this button will display the Select Active Directory Objects dialog allowing you to locate and select the groups to be added.

See Directory object picker for a description of the Browse, Search and Options pages. Note that the Find field on this dialog will display Group and cannot be changed.

Remove

Use to remove the selected group from the group membership expansion list.

Select the refresh frequency

Select from the following options to define how often you want to refresh the group membership expansion list.

Refresh group membership every nnn minutes

By default, group membership will be refreshed every 360 minutes. Use the arrow controls to increase or decrease this value.

Valid range: 10 - 43200

Number of groups to expand every 5-minute cycle

By default, 20 groups will be expanded every 5-minute cycle. Use the arrow controls to increase or decrease this value

Valid range: 1 - 100000

Refresh the list of expanded groups every nnn minutes

By default, the group membership expansion list is refreshed every 180 minutes. Use the arrow controls to increase or decrease this value.