Creating Search Queries
To search for audit data:
Note: The procedure below applies to the Active Directory source. Running a search may differ slightly for other sources.
- On the home page, select a source.
- Select Search.
- Customize your search: create a search query tailored to the information you are specifically interested in. Make sure to use full names, because filters are designed to search for exact entries (e.g., cygnalabsdemo.com\ian.rush instead of ian.rush). To retrieve all activity, keep the search filters blank.
  - On the Filter tab, specify parameters to narrow down your search results (for example, specify a user name in the Who filter to limit the search to the activity of a specific user).
  - On the Exclusions tab, specify entities you do not care about at the moment and do not want to show up in this search query (for example, a trustworthy administrators group).
  - On the Grouping tab, update your grouping preferences if you want to bundle change records based on a certain rule (for example, by user or by action type).
  You can run a search without filters or exclusions to get all change records for your source.
- Select Search. Cygna Auditor will run your query and list all records found based on the parameters you specified. For more information on how to view search results, refer to Reading Search Results.