Reading Records in Auditing

Each record includes the date when the activity took place, the source, what was done, the user who made the change, and the item or object that was affected.

And more:

  • Source-specific details: To get more information, click the record. The details expand on the right and show the data specific to your source: for example, the folder name for File System, the AD DN for Active Directory, the tenant name for Azure AD, or the identity name for AWS.

  • Rollback: Expand details and recover Azure AD changes based on data from the backup snapshot.

  • Failed attempts: The sign next to What indicates that the attempt to perform the action has failed. The Action result column also notifies you about the outcome.

Note: You might see several records for events that occurred at the same time, down to the second, for example "create user" followed by "modify user". Typically they represent a single, one-time action. Cygna Auditor displays them as several records because Windows actually generates several events in response to your actions.
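
When reviewing exported records, the same-second bursts described in the note can be folded back into one logical action per user and object. The following is an added example, not part of Cygna Auditor or its documentation; the field names, the sample records and the optional `max_gap_seconds` tolerance are assumptions made for illustration.

```python
from datetime import datetime
from itertools import groupby

def _rec(when, what, who, obj, result="Success"):
    return {"when": when, "source": "Active Directory", "what": what,
            "who": who, "object": obj, "result": result}

# Constructed sample records. Field names mirror the columns described above
# and are assumptions, not the product's export schema.
JDOE = "CN=jdoe,OU=Staff,DC=corp,DC=example"
RECORDS = [
    _rec("2024-03-05T10:15:42", "create user", "CORP\\admin1", JDOE),
    _rec("2024-03-05T10:15:42", "modify user", "CORP\\admin1", JDOE),
    _rec("2024-03-05T10:15:43", "modify user", "CORP\\admin1", JDOE),
    _rec("2024-03-05T10:20:00", "delete user", "CORP\\admin2", JDOE, "Failed"),
    _rec("2024-03-05T10:47:10", "modify user", "CORP\\admin1", JDOE),
]

def _actor_key(rec):
    # The result is part of the key so failed attempts are never merged
    # into a successful action on the same object.
    return (rec["source"], rec["who"], rec["object"], rec["result"])

def collapse(records, max_gap_seconds=0):
    """Fold records with the same source, user, object and result into one
    action when each follows the previous one within max_gap_seconds
    (0 means the timestamps match to the second)."""
    ordered = sorted(records, key=lambda r: (_actor_key(r), r["when"]))
    actions = []
    for _, group in groupby(ordered, key=_actor_key):
        last = None
        for rec in group:
            ts = datetime.fromisoformat(rec["when"])
            if last is not None and (ts - last).total_seconds() <= max_gap_seconds:
                actions[-1]["events"].append(rec["what"])
            else:
                actions.append({"when": rec["when"], "who": rec["who"],
                                "object": rec["object"], "result": rec["result"],
                                "events": [rec["what"]]})
            last = ts
    return sorted(actions, key=lambda a: a["when"])

if __name__ == "__main__":
    for action in collapse(RECORDS):
        print(action["when"], action["who"], action["result"], action["events"])
```

With the default tolerance the record stamped one second later stays a separate action; passing `max_gap_seconds=1` folds it into the same burst.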