Security Analytics Engine 1.1

From the Home page of the Security Analytics Engine Administration web site, click on the Reports link to open the Reports page. From the Reports page, click the Auditing link to open the Auditing page where you can view and manage the auditing data captured by the Security Analytics Engine. This page is also used for overriding a user’s risk score to allow them access to the Security Analytics Engine protected applications for a specified period of time.

Auditing page

The Auditing page is displayed when Auditing is clicked on the Reports page of the Security Analytics Engine Administration web site.

The Auditing page displays a list of the events for the applications currently utilizing the Security Analytics Engine. These results are filtered using the options located at the top of the page.

Filtering options

The following are the filtering options at the top of the Auditing page:


	NOTE: Refreshing the screen returns the Auditing page to its default settings.

From

This field specifies the date to start searching for events. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to start searching for events. You can also manually edit the date in the field (mm/dd/yyyy).

This field specifies a date to stop searching for events. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to stop searching for events. You can also manually edit the date in the field (mm/dd/yyyy).

Application(s)

This drop-down list displays the currently configured applications. Select to display auditing information for all applications or a specific application. By default, auditing events for all applications are displayed.

Max Records

This field is used for setting the maximum number of records (1-10000) to return for the search. By default, this is 1000 records.

The Search button updates the Audit Events table located beneath the filtering options.

For more information on using the above filtering options, see To filter audit events. For information on filtering individual columns, see To filter data.

Retention settings option

The following button appears in the top right corner of the Auditing page when logged in with an administrator or Fallback account:

Settings

Use this button to open the Audit Settings dialog where you can set the number of days to retain audit events within the database. Entering 0 will retain all events indefinitely, otherwise there is a maximum of 1095 days. By default, this is set to 90 days.


	CAUTION: Making changes to this setting after auditing has begun will affect the events currently stored in the database. If the new number of days is less than the previous number of days, all auditing information currently stored in the database which does NOT fit within the new range will be permanently deleted. Resetting the number of days back to the previous setting will NOT undo the deletion. If the new number of days is greater than the previous number of days, all events currently in the database will follow the new retention setting. Please note that this is a background task which may take some time. Depending on the number of audit events in the table and the length of time the Auditing page has been open, some of the audit events appearing in the audit events table may no longer exist. You will need to refresh the page to ensure that the displayed audit events accurately reflect the events stored in the database.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Security Analytics Engine 1.1 - User Guide

Introduction

Auditing page

Filtering options

Retention settings option