Introduction to auditing
The Auditing page is used for viewing and managing the auditing data captured by the Security Analytics Engine. This page is also used for overriding a user’s risk score to allow them access to the Security Analytics Engine protected applications for a specified time period.
Auditing page
The Auditing page is displayed when Auditing is clicked on the Reports page or in the left pane (the page link is available after using the expand properties button to the left of Reports). The Auditing page displays a list of the events for the applications currently utilizing the Security Analytics Engine. These results are filtered using the options located at the top of the page.
Filtering options
The following are the filtering options at the top of the page:
|
|
NOTE: Refreshing the screen returns the Auditing page to its default settings. |
From
This field specifies the date to start searching for events. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to start searching for events. You can also manually edit the date in the field (mm/dd/yyyy).
To
This field specifies a date to stop searching for events. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to stop searching for events. You can also manually edit the date in the field (mm/dd/yyyy).
Application(s)
This drop-down list displays the currently configured applications. Select to display auditing information for all applications or a specific application. By default, auditing events for all applications are displayed.
Max Records
This field is used for setting the maximum number of records (1 to 10000) to return for the search. By default, this is 1000 records.
Search
The Search button updates the Audit Events table located beneath the filtering options.
For more information on using these filtering options, see To filter audit events. For information on filtering individual columns, see To filter data.
Retention settings option
The following button appears in the top right corner of the Auditing page when logged in with an administrator or Fallback account:
Settings
Use this button to open the Audit Settings dialog where you can set the number of days to retain audit events within the database. Entering 0 retains all events indefinitely, otherwise there is a maximum of 1095 days. By default, this is set to 90 days.
|
|
Caution:
Making changes to this setting after auditing has begun will affect the events currently stored in the database. If the new number of days is less than the previous number of days, all auditing information currently stored in the database which does NOT fit within the new range will be permanently deleted. Resetting the number of days back to the previous setting will NOT undo the deletion. If the new number of days is greater than the previous number of days, all events currently in the database will follow the new retention setting. Please note that this is a background task which may take some time. Depending on the number of audit events in the table and the length of time the Auditing page has been open, some of the audit events appearing in the audit events table may no longer exist. You need to refresh the page to ensure that the displayed audit events accurately reflect the events stored in the database. |
