
Security Guardian Current - User Guide


Copying event details

When you select an event that has been returned from a search, you can copy the event details to the clipboard and paste them into another application.

To copy event details

  1. Select the Searches tab.
  2. Locate the required search in the list of categories.
  3. Highlight the search and click the arrow icon to run it.
  4. Click an event to open a new window that contains all the event details.
  5. Select Copy to clipboard to copy all event details to the clipboard.

Modifying a search

You can easily modify a search to gather the information you require, as long as you have the right to do so.

 

NOTE:

  • Only custom searches can be modified.
  • Built-in searches cannot be modified. However, you can create a new search based on a built-in search and customize the settings to suit your needs. See Creating a search from an existing search.

To modify a search

  1. Under the Searches tab, select the search.
  2. Click the pencil icon to modify the search. The type of search (private or shared) and the current category are displayed at the top of the search.
  3. Edit the search name, and remove, add, or edit search criteria as required. Search terms are highlighted in the preview (and in search results and event details) to allow you to quickly scan for matches. See Filtering Searches and Appendix - Available Audit Search Columns and Filters for details.
  4. Change the category, if required, by selecting a new category from the drop-down list.
  5. Click Edit Columns to rearrange, add, and remove columns as required and select the visualization options.
    1. Drag and drop the columns to change the order.
    2. To add a column, click Add Column.
    3. To remove a column, click the - next to the appropriate column.
    4. Select the Visualize menu and choose how to visualize the results. You can choose between Chart & Grid, Grid only, or Chart only. If you choose to display a chart, you can further refine the display by selecting the type of chart and how you want to group and summarize the data.
    5. Click Apply when you are satisfied with the edits.
  6. Select whether this is a private or shared search. See Working with private and shared searches.
  7. Click Save to apply the changes.
  8. If required, click Alert, select the required notification template (or create a new one) to notify the required individuals, and click Save. See Working with alerts and notification templates.

Deleting a search

To remove a search

  1. Select the Searches tab.
  2. Locate the required search in the list of categories.
  3. Highlight the search and click the X icon to delete it.
  4. Click Delete to confirm the removal.

Working with categories

When you create a category, you have the option of selecting whether it will be private or shared.

  • Private categories are only visible to the individual who created them.
  • Shared categories are visible to all Audit users and allow for collaboration with multiple users from the same organization.

By default, the following categories are available:

  • All Private Searches: All private searches belonging to the signed-in user.
  • All Searches: All configured searches.
  • Active Directory: All Active Directory events in the last 24 hours, 7 days, and 30 days.
  • Active Directory Federation Services: Sign-ins and configuration changes made through Active Directory Federation Services.
  • All Events: All events in the last 24 hours and 7 days.
  • Microsoft Entra: Microsoft Entra application, directory, group, role, self-service password, user created, user deleted, and user events in the last 7 days.
  • Best Practices: Sharing operations on important file types and Teams guest access events.
  • Group Policy: Group Policy events.
  • Logon Activity: Logon activity events.
  • Microsoft 365: Microsoft 365 and SharePoint online events.
  • On Demand Audit: All On Demand audit and alert events.
  • Teams: Teams user and administrator activity events.
  • My searches: A built-in private category.

To create a category

NOTE:

  • Private category names must be unique among all categories for each user.

  • Shared category names must be unique among all shared searches in all categories in the organization.

  1. Under the Searches tab, click Add in the Categories field.
  2. Enter the category name.
  3. Select whether the category is private or shared.
  4. Click Add.

To assign a search to a new category

  1. Under the Searches tab, select the search.
  2. Click the pencil icon to modify the search.
  3. Open the Category drop-down list and select the required category.
  4. Click Save.

To edit the name of a category

  1. Under the Searches tab, select the category.
  2. Highlight the category, and click the pencil icon to the left of the category.
  3. Enter a new name for the category and click Save.