The flexible filters in Auditing search can be a great tool for internal auditors and security officers who need to analyze activity patterns and detect threats across the entire environment. Unlike one-off searches constructed from scratch every time, custom reports are preserved in Cygna Auditor so that you and your colleagues can use them later.
You can convert your search into a report right on the Auditing page or go to Reports and click Create to set up a new report. Alternatively, select options next to a report and choose Clone to create a copy of a built-in report that you can modify.
- On the Edit report details tab, add the report name and description. You can make the report private (available only to you) and specify tags that help you find it faster.
- On the Add/Remove filters tab, specify the search query. For your convenience, reports feature the same search techniques and data presentation as Auditing. If you are not familiar with these search techniques, refer to Auditing for more information.
- On the Manage alert settings tab, specify whether you want to monitor such events and get a notification every time one occurs. Provide your email address.
Note: You might see several records for events that occurred at the same time, down to the second, for example "create user" with a subsequent "modify user". Typically they represent a single, one-time action. Cygna Auditor displays them as several records because Windows actually generates several events in response to your actions.