File Audit Report Profiles

File Audit Report Profiles let you configure and view reports of your choice, restricted to a specific File Audit Action for a selected Share.

Pre-configured profile based reports for File Audit

Click the File Audit tab, select the Profile Based Reports tab on the left, and select your domain to view the list of reports.

  File (or) Folder Deleted
  Folder Permission Changes
  Folder Audit Settings (SACL) Changes
  File (or) Folder Modified
  File Read Access Failure
  File Write Access Failure
  File Delete Access Failure
  File Read Access Success
  File (or) Folder Moved (or) Renamed
  File (or) Folder Copy-N-Pasted
  File (or) Folder Created

ADAudit Plus hosts a list of pre-configured report profiles, provided so that users can conveniently understand how Report Profiles function. Profile based reports show domain-specific data for the file audit report profiles configured in ADAudit Plus. Based on audit requirements, administrators / users can modify the existing file audit report profiles or configure new report profiles. A pie / bar chart summarizes the entire list of file audit actions in the selected domain. Details such as who created a file, when, and from where are determined by comparing the available snapshot.

To view Profile Based Reports

  1. Click on File Audit Tab > Profile Based Reports.
  2. Select the Domain > File Audit > Choose Report.
  3. Select the Period (between 1 hr and 23 hours). A custom period can also be defined and saved for easy reference.
  4. A graphical display with detailed events summary lists the audit information for the selected period.
  5. Clicking on an event in the bar graph filters the report view, highlighting only the selected event.
  6. The Quick search option can be used for precise filtering.

ADAudit Plus runs a periodic scheduler for every domain, based on the time specified for that domain. For the Files Created report alone, the "File Update Schedule" runs every day at 3 AM. Comparing the latest data received from the present schedule with the snapshot from the previous day's schedule (time-stamped event log data) provides the data on New Files Created for that day.

The File Update Schedule runs on a daily basis at 3:00 AM and cannot be altered.

Configuring New File Audit Report Profiles

An administrator must select a file audit report profile 'event filter action' and map it to the desired shared objects within the file servers of the selected Domain.

Filter Actions

  File Creation
  File Creation Through Application 2
  File Creation-EMC
  File Deleted - 2012
  File Move (or) Rename - NetApp
  Local File Copy-N-Paste - 2k8
  Local File Copy-N-Paste - 2k3
  File Permission Modified - EMC/NetApp
  File Copy-N-Paste - 2k3
  File Move (or) Rename - 2k3
  File Copy-N-Paste - 2k8
  File Move (or) Rename - 2k8
  File Modification For Office Docs
  File Read Access Denied - NetApp
  File Delete Access Denied - NetApp
  File Deleted - NetApp
  File Read - NetApp
  File Modified - EMC/NetApp
  File Permission Modified - 2k3
  File Deleted - 2k3
  Successful file / folder read access
  File Delete Access Denied
  File Write Access Denied
  File Read Access Denied
  File Modified - Write Data - 2k3
  File Modified - 2k8
  File Auditing Settings (SACL) Modified - 2k8
  File Permission Modified - 2k8
  File Deleted - 2k8

Steps to Configure a File Audit Report Profile

Select the File Audit Action

  1. Click on File Audit tab > File Audit Report Profiles under Configuration.
  2. Click on "New Report Profile" on the top right.
  3. Enter the "Report Profile Name" in the box provided.
  4. Provide a "Description" of the Report Profile in the box provided.
  5. Under the Category option, "File Audit" is pre-selected.
  6. From the file audit report profile category, select the filter "Actions".
  7. Check one or all of the filter "Actions", as needed.
  8. This maps actions for a selected report profile category.

Associate the File Servers / Shares

  1. Select the Domain (from the drop-down menu).
  2. To add shares, click on the Add Shares link.
  3. From the pop-up, select the file server and click on the "Get Shares" button.
  4. Select the "Shares" to be audited.
  5. Click on OK.
  6. You will receive the Alert Message shown below. Click Yes for automatic configuration of the necessary audit policy, or follow the instructions to configure the policy manually.
  7. Add more servers and shares to be included in the Report Profile.
  8. Click on Save.
  9. This associates the file shares in the selected Domain with the "File Audit Report Profile Category".

Alert Message

  1. Shares will be added for auditing
  2. Necessary audit Permission(SACL) will be set on Selected Shares
  3. Object Access policy will be enabled for the selected server via a GPO
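
To confirm what the alert message describes, after clicking Yes or after configuring the policy manually, the following PowerShell check reads the effective Object Access audit policy and the SACL on a share folder. It is an added example, not ManageEngine code; the share path and the set of rights to audit are assumptions, and the subcategory names are the English ones.

```powershell
# Added example (not ManageEngine code). Run in an elevated session on the file server.
param(
    # Hypothetical share folder; replace with the local path of an audited share.
    [string]$SharePath = 'D:\Shares\Finance',
    # Assumed set of rights to audit, chosen to match the report names on this page.
    [System.Security.AccessControl.FileSystemRights]$WantedRights =
        'ReadData, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
)

function Get-ObjectAccessPolicy {
    # "auditpol /r" emits CSV; subcategory names are localized (English shown here).
    auditpol.exe /get /category:"Object Access" /r |
        Where-Object { $_ } |
        ConvertFrom-Csv |
        Where-Object { $_.Subcategory -in 'File System', 'File Share' } |
        Select-Object Subcategory, 'Inclusion Setting'
}

function Get-SaclCoverage {
    param([string]$Path, [System.Security.AccessControl.FileSystemRights]$Rights)
    # -Audit reads the SACL, which requires SeSecurityPrivilege (elevation).
    $acl   = Get-Acl -Path $Path -Audit
    $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])
    if ($rules.Count -eq 0) {
        Write-Warning "No audit entries (SACL is empty) on $Path"
        return
    }
    foreach ($rule in $rules) {
        # Rights we want audited that this audit entry does not cover.
        $missing = [int]$Rights -band (-bnot [int]$rule.FileSystemRights)
        [pscustomobject]@{
            Identity       = $rule.IdentityReference.Value
            AuditFlags     = $rule.AuditFlags   # Success, Failure or both
            Inherited      = $rule.IsInherited
            AppliesToChild = $rule.InheritanceFlags -ne [System.Security.AccessControl.InheritanceFlags]::None
            MissingRights  = if ($missing) { [System.Security.AccessControl.FileSystemRights]$missing } else { 'none' }
        }
    }
}

Get-ObjectAccessPolicy | Format-Table -AutoSize
Get-SaclCoverage -Path $SharePath -Rights $WantedRights | Format-Table -AutoSize
```

If File System shows "No Auditing", the SACL entries generate no events regardless of how complete they are, so check both outputs together.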

Any number of filter actions can be configured / added in a selected category. To add / configure new actions for a selected category, use the Advanced Configurations option.

Copyright © 2019, ZOHO Corp. All Rights Reserved.