Distilling Results

As you audit changes, you may want to hide events that are irrelevant for now and focus on those that matter most. For example, once you have a general understanding of activity in your environment, you may want to examine some events more closely. Cygna Auditor enables you to adjust your search on the fly, right from the pane that displays data. Cygna Auditor will add search conditions accordingly and update search results immediately.

To narrow down your search results to events of a certain type, e.g., those made by a certain user account or involving specific changes, hover the mouse over the corresponding piece of data and select the green plus icon. Cygna Auditor will then limit the search to entries containing the value you specified.

This technique is handy if you prefer to move from a broad search to individual events, or when you discover potentially harmful activity and want to explore similar events. For example, suppose you found that a non-administrative user modified a group in your Active Directory domain. To facilitate further security investigation, you add this user to your search to see all changes this user made. You can repeat this "narrow down" technique over and over again until you distill the changes you are looking for.