Creating a New Report

Flexible filters of Auditing search can be a great tool for internal auditors and security officers who need to analyze activity patterns and detect threats across the entire environment. Unlike one-off searches constructed from scratch every time, custom reports are preserved in Cygna Auditor so that you and your colleagues can use them later.

You can convert your search into a report right on the Auditing page or go to Reports and click Create to set up a new report. Alternatively, select options next to a report and choose Clone to create a copy of a built-in report that you can modify.

  • On the Edit report details tab, add the report name and description. You can make the report private (available only to you) and specify tags that allow to find it faster.
  • On the Add/Remove filters tab, specify the search query. For your convenience, reports are featuring the same search techniques and data presentation as Auditing. If you are not familiar with these search techniques, refer to Auditing for more information.
  • On the Add/Remove columns tab, toggle column and define what columns will be visible in the table view.
  • On the Manage alert settings tab, specify if you want to monitor such events and get a notification every time is occurs. Provide your email address. Additionally, you can enable Remote Logging and feed collected data to a remote SIEM system.
  • On the View report ownership tab, see who created or modified the report, the timestamps, and the report privacy settings.
  • In the Manage resource delegation pop-up window, grant access to this report to other Active Directory users. You've got an option to choose between read-only and full access.

QUICK TIP: Seeing results just for one source or no search results at all? You are missing required permissions. Discuss your permission set with Cygna Auditor's global administrator.

Note: You might see several records with events that occurred at the same time up to seconds—for example "create user" with subsequent "modify user". Typically they represent a single, one-time action. The reason why Cygna Auditor displays it as several records is that Windows actually generates several events in response to your actions.