Change Guardian provides Events Dashboards to view events. An event contains information such as name of the event, who generated the event and where, the change that triggered the event having the before and after values, and the Change Guardian policy that triggered the event. You can analyze the event and take preventive steps to protect your organization from malicious attempts.
The dashboard provides the following information:
Events generated for each asset or application
Events based on severity
The users and assets that generated the most events
The most common events, and the most common policy violation that resulted in events
Filtered view of the above based on the number of days
To open the dashboard:
Open the following URL:
https://<IP_Address_Change_Guardian_server:<port_number>
The default port is 8443. You can use a custom port if Change Guardian was installed with custom configurations.
Open DASHBOARDS > EVENTS.
NOTE:Ensure that the appropriate policies are created in Policy Editor to receive the desired events.
To save events details to a CSV file in zipped format, see Generating Event Report.
If you want to analyze whether the right set of policies are associated to the assets, you can generate a report Policies and Agents mapping
. For more information, see Analyzing Policies. Change Guardian policies are refreshed based on the Polling Interval set in Agent Manager. If you modify a policy, the Events Dashboard displays the associated event only after the polling interval has passed.
Arvanti is responsible for the organization's Active Directory server. She uses Change Guardian to monitor changes happening on the Active Directory deployment by using the Events Dashboard. She uses the default filter to view all the unmanaged or unauthorized events of the previous day.
One morning, Arvanti finds that the Event Dashboard displays an increase in the average number of change events in the past one day. She reviews the Event Dashboard specific to Active Directory, and observes that these set of events are initiated by three users. She reviews the Top Users list and the Top Events, and finds that there are higher than usual User account was created
event. She selects the User account was created
event to analyze the event details and investigate all User account created
events in the last one day.