Reading Records in Auditing

Each record includes the date when the activity took place, the source, what was done, the user who made the change, and the item or object that was affected.

And more:

  • Source-specific details: To get more information, click on the record—the details will expand on the right. Here you will see the data specific to your source. For example, the folder name for File System, AD DN for Active Directory, or the tenant name for Azure AD.

  • Failed attempts: The sign next to What indicates that the attempt to perform the action has failed.

Note: You might see several records for events that occurred at the same time, down to the second, for example "create user" followed by "modify user". Typically they represent a single, one-time action. Cygna Auditor displays them as several records because Windows actually generates several events in response to your actions.
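
One way to apply the note above when reviewing records outside the console, as an added example that is not part of Cygna Auditor or its documentation: it collapses records that share the same second, source, user, object and outcome into one logical action. The record layout, the field names (`when`, `source`, `what`, `who`, `object`, `failed`) and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime
from itertools import groupby

DN = "CN=J.Doe,OU=Staff,DC=corp,DC=example"  # constructed sample object

def rec(when, source, what, who, obj, failed=False):
    """Build one record; the field names are assumptions, not a product schema."""
    return {"when": when, "source": source, "what": what,
            "who": who, "object": obj, "failed": failed}

# Constructed sample records, deliberately out of order.
RECORDS = [
    rec("2024-03-05T10:15:42.480", "Active Directory", "modify user", "CORP\\admin1", DN),
    rec("2024-03-05T10:15:42.120", "Active Directory", "create user", "CORP\\admin1", DN),
    rec("2024-03-05T10:15:42.900", "Active Directory", "modify user", "CORP\\admin1", DN),
    rec("2024-03-05T10:15:42.300", "Active Directory", "modify user", "CORP\\admin2", DN),
    rec("2024-03-05T10:17:03.010", "File System", "delete file", "CORP\\jsmith",
        "D:\\Finance\\q1.xlsx", failed=True),
]

def action_key(r):
    """Same second, source, user, object and outcome => same logical action."""
    second = datetime.fromisoformat(r["when"]).replace(microsecond=0)
    return (second, r["source"], r["who"], r["object"], r["failed"])

def collapse(records):
    """Group near-simultaneous records; failed attempts never merge with successes."""
    ordered = sorted(records, key=lambda r: (action_key(r), r["when"]))
    actions = []
    for (second, source, who, obj, failed), group in groupby(ordered, key=action_key):
        whats = [r["what"] for r in group]  # chronological within the second
        actions.append({"when": second.isoformat(), "source": source, "who": who,
                        "object": obj, "failed": failed, "what": whats,
                        "records": len(whats)})
    return actions

if __name__ == "__main__":
    for a in collapse(RECORDS):
        status = "FAILED" if a["failed"] else "ok"
        print(a["when"], a["who"], a["object"], a["what"], status)
```

Because such records only typically represent one action, keep the individual records alongside the grouped view.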