Use Built-in Audit Views

Cygna Auditor for Active Directory ships with a complete set of built-in audit views already created for you to use. Under the Audit Views node, you will see two folders:

  • Built-in: This folder contains over 200 ready-made views, so you can look for specific changes without building the views yourself.
  • My Audit Views: This folder is a private user account folder. Any views or subfolders created under this folder are only accessible by the user who created them.

When you select the Audit Views node:

  • A field is provided to search for a built-in view using keywords, for example "message texts" or "account enabled".
  • You can also search for an audit view by name using keywords in the Search box in the right pane.

Active Directory

The Active Directory audit views are divided into categories such as computer changes, container changes, GPO changes, group changes, OU changes, and user changes.

GPO Auditing

The management console provides the ability to audit group policy changes. All data collected on GPO events can be viewed in the Audit Viewer using built-in Audit Views.

The Details window includes all relevant information on the GPO change as well as readable setting values where possible, such as the User Interface Path of the option in Group Policy Management Editor (GPME).

Settings Audited in AD

  • Wired Network (IEEE 802.3) Policies
  • Windows Firewall with Advanced Security
  • Wireless Network (IEEE 802.11) Policies
  • IP Security Policies on Active Directory (domain)

Settings Not Currently Audited

  • Computer Configuration > Policies > Software Settings > Software installation
  • Computer Configuration > Policies > Windows Settings > Scripts
  • Computer Configuration > Preferences
  • User Configuration > Policies > Software Settings > Software installation
  • User Configuration > Policies > Windows Settings > Scripts
  • User Configuration > Policies > Windows Settings > Folder Redirection
  • User Configuration > Preferences
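
Because the settings listed above are not currently audited, changes to them need a separate check. The following PowerShell is an added example, not part of Cygna Auditor or its documentation: it hashes the SYSVOL files behind those setting areas and reports what changed since the previous run. The folder-to-area mapping, the default paths, and the function name Get-UnauditedGpoFile are assumptions of this example.

```powershell
param(
    # Placeholder default; set this to your domain's SYSVOL Policies folder.
    [string]$PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies",
    [string]$BaselineCsv  = '.\gpo-unaudited-baseline.csv'
)

# Assumed mapping: folder inside each GPO in SYSVOL -> setting area from the list above.
$areas = [ordered]@{
    'Machine\Applications'      = 'Computer Configuration > Software installation'
    'Machine\Scripts'           = 'Computer Configuration > Scripts'
    'Machine\Preferences'       = 'Computer Configuration > Preferences'
    'User\Applications'         = 'User Configuration > Software installation'
    'User\Scripts'              = 'User Configuration > Scripts'
    'User\Documents & Settings' = 'User Configuration > Folder Redirection'
    'User\Preferences'          = 'User Configuration > Preferences'
}
# Hash every file under those folders, one record per file.
function Get-UnauditedGpoFile {
    param([string]$Root)
    foreach ($gpo in Get-ChildItem -LiteralPath $Root -Directory -Filter '{*}') {
        foreach ($rel in $areas.Keys) {
            $dir = Join-Path $gpo.FullName $rel
            if (-not (Test-Path -LiteralPath $dir)) { continue }
            Get-ChildItem -LiteralPath $dir -Recurse -File | ForEach-Object {
                [pscustomobject]@{
                    Gpo    = $gpo.Name
                    Area   = $areas[$rel]
                    File   = $_.FullName.Substring($gpo.FullName.Length + 1)
                    SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
    }
}

$current = @(Get-UnauditedGpoFile -Root $PoliciesPath)
# Compare with the previous run, if a baseline exists (first run reports everything as ADDED).
$old = @{}
if (Test-Path -LiteralPath $BaselineCsv) {
    Import-Csv -LiteralPath $BaselineCsv | ForEach-Object { $old["$($_.Gpo)|$($_.File)"] = $_.SHA256 }
}
foreach ($f in $current) {
    $key = "$($f.Gpo)|$($f.File)"
    if (-not $old.ContainsKey($key))  { "ADDED    [$($f.Area)] $key" }
    elseif ($old[$key] -ne $f.SHA256) { "CHANGED  [$($f.Area)] $key" }
    $old.Remove($key)
}
$old.Keys | ForEach-Object { "REMOVED  $_" }
$current | Export-Csv -LiteralPath $BaselineCsv -NoTypeInformation
```

A script that a GPO references by a path outside SYSVOL appears here only as a change to scripts.ini or psscripts.ini, so the referenced location needs its own monitoring.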

Compliance

The Compliance audit views report audited activity relevant to compliance requirements in corporate environments, such as SOX, HIPAA, and FISMA.

Exchange

The Auditor provides audit views for Exchange on Administrative Group Changes, Organization Configuration, and Server Configuration, as well as System Policy Changes made in the last 14 days.

You can right-click on any audit view to cut, copy, or paste the view.

General

The audit views in the General folder provide auditing for activities such as all changes, creations, deletions, and GPO changes made in the last 7 days.