You can generate an event report to find event details, including who initiated the change, what the change was, and where the change occurred. You can filter events by grouping them by severity, name, time stamp, and so on. You can add or remove columns, group the events by any column name, and export the report to a CSV file in zipped format.
To generate reports:
1. Open the following URL:
   https://<IP_Address_Change_Guardian_server>:<port_number>
   The default port is 8443. You can use a custom port if Change Guardian was installed with custom configurations.
2. Open REPORTS > Event Report.
Event Report
Mandy routinely analyzes change events and prefers to work directly with event data. One day a peer tells her that there had been some unusual activity on the Microsoft Exchange server over the weekend, mostly on Sunday.
Mandy opens the Events dashboard and modifies the filter to view all change events from Sunday 6:00 a.m. to 6:00 p.m. She selects the Microsoft Exchange events and clicks Total Events. This opens the Events Summary report under REPORTS > Event Report.
Mandy first groups events by Event Name. She observes that there is an unusually high number of Mailbox Create and Mailbox Delete events. To get further details, Mandy expands the list of Mailbox Create events and starts reviewing the details of each event, such as who created the mailbox, what mailbox was created, where the user logged in from, and what time the event occurred. Mandy identifies one suspicious user who made multiple changes, and she modifies the filter back to the past one week to view the events made by that user. She saves the report as CSV and reviews the activities performed by the user to analyze them for any security breach.
NOTE: The GenerationTime column provides the time stamp at which an action was performed on the asset, while EventTime provides the time stamp at which Change Guardian collected the corresponding event. To view the time stamp for UNIX events, add the EventTime column.
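Mandy's review of the exported CSV can also be scripted. The following is an added example, not part of the Change Guardian documentation: it reads a zipped CSV export and counts mailbox events per user inside a time window. The EventName and InitiatorUserName column names, the timestamp format, and the sample rows are assumptions constructed for illustration; GenerationTime is the column described in the note above.

```python
import csv
import io
import zipfile
from collections import Counter
from datetime import datetime

# Assumed column names; only GenerationTime is named in the documentation above.
COL_NAME, COL_USER, COL_TIME = "EventName", "InitiatorUserName", "GenerationTime"
TIME_FMT = "%Y-%m-%d %H:%M:%S"  # assumed export timestamp format

def load_events(zip_bytes):
    """Return all rows from every CSV file inside the zipped export."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            if member.lower().endswith(".csv"):
                with zf.open(member) as fh:
                    text = io.TextIOWrapper(fh, encoding="utf-8-sig", newline="")
                    rows.extend(csv.DictReader(text))
    return rows

def busy_users(rows, names, start, end, threshold):
    """Count events with the given names per user in [start, end]; keep users at or above threshold."""
    counts = Counter()
    for row in rows:
        try:
            when = datetime.strptime(row[COL_TIME], TIME_FMT)
        except (KeyError, ValueError):
            continue  # skip rows with a missing or unparsable timestamp
        if row.get(COL_NAME) in names and start <= when <= end:
            counts[row.get(COL_USER, "")] += 1
    return {user: n for user, n in counts.items() if n >= threshold}

def sample_export():
    """Constructed sample data standing in for a real zipped export."""
    lines = [f"{COL_NAME},{COL_USER},{COL_TIME}"]
    lines += [f"Mailbox Create,CORP\\jdoe,2024-03-10 0{h}:15:00" for h in (7, 8, 9)]
    lines += ["Mailbox Delete,CORP\\jdoe,2024-03-10 11:40:00",
              "Mailbox Create,CORP\\asmith,2024-03-10 10:05:00",
              "Mailbox Create,CORP\\jdoe,2024-03-10 19:30:00",  # outside the window
              "Mailbox Create,CORP\\jdoe,not-a-time"]  # unparsable, skipped
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("events.csv", "\n".join(lines))
    return buf.getvalue()

if __name__ == "__main__":
    window = (datetime(2024, 3, 10, 6), datetime(2024, 3, 10, 18))  # Sunday 6:00 a.m. to 6:00 p.m.
    print(busy_users(load_events(sample_export()), {"Mailbox Create", "Mailbox Delete"}, *window, threshold=3))
```

To use it on a real export, pass the bytes of the downloaded zip file to load_events and adjust the column names to match the columns selected in the report.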