Searching for Specific Events
If you are looking for specific events, e.g., changes to user groups, activity on a certain server performed by a single user, it does not make sense to review all change records. You can jump right to inspecting changes you are interested in. With flexible search parameters, you can construct a search query that fits your auditing needs.
The search conditions describe what you are looking for. Each entry consists of three fields: the filter, the match type, and the value. You can add as many search entries to your search as you want, Cygna Auditor will look for records that match all search conditions at once.
FIELD |
DESCRIPTION |
---|---|
Filter |
The filter corresponds to the type of information you are searching for. For example, user, server, or when. Some filters are specific to the source, e.g., mailbox folder is for Exchange Online only and region display name is for AWS only. Such filters are grouped under the data source name. If you are paying attention to the activity outcome, if the change action was successful or failed, you can leverage the Action result filter. |
Match type (comparison operator) |
The match type defines if you are looking for an exact entry (is) or for any entry containing the searched value (contains). You can also search for an entry that starts with or ends with a certain value. The exact and broad search can be negative as well (is not and does not contain). When you are searching for sources, you can leverage the following match types: is any of and is not any of. They enable you to specify several sources from the list and to search for changes in any of these sources or in all sources except selected correspondingly. When filtering events by time (the When filter), you can choose from the following match types: is today, is after, is before , is between for time range, and is in the last X days. |
Value |
The value field is the area where you specify a value to be searched. For example, the name of a user or a date range. Depending on the filter, you can select a value from the drop-down list or enter it manually. |
You customize your search query on the go and delete entries you no longer need by clicking the red cross next to the line you'd like to delete.