One of the main benefits of Security & Audit is the ability to ‘zoom in’ and ‘zoom out’ when investigating activity. You can get a full view of all events happening in your environment, but the functionality also enables you to drill down into different areas. This allows you to review specific types of activity, or certain groups of users.
There are a few different ways to filter your reports:
- Filter by date: Simply click on the drop-down option in the top right-hand corner, and select the dates you need from the predefined options, or use a custom date range.
- Filter by activity: You can choose to include or exclude certain activities. To do this, decide whether you would like to include or exclude your chosen activities, and add them by clicking into the search box, and finding the ones you need. You can search by typing into the box, or you can browse the available options in the drop-down menu. It is possible to filter by multiple activities, and if you accidentally select one you don’t need, you can click the ‘x’ to remove it – so there’s no need to start again.
- Filter by user: You can filter by user in the same way that you filter by activity. Just choose whether you would like to include or exclude these users, and use the search box to find your users.
- Filter by property: To filter by a specific property (such as IP address, application, client, city, country, and many more) click the ‘Add Filter’ button. You will see that three boxes appear:
  - A box with a drop-down list of properties to select.
  - One which contains the following options: equals, does not equal, contains, and does not contain.
  - A text box to type in the specific property value you require.

  You can add as many filters as you require, and it is also possible to save your filter selections as a ‘Predefined Filter’, so that they can be reused quickly and easily, and there’s no need to reconfigure your requirements.
- Filter by service: The final filtering option is by service. Underneath the date filter, you will be able to see a list of the different service types: Azure Active Directory, Exchange Online, SharePoint Online etc. Simply click on the ‘Workloads’ button to toggle these services on or off to see activity for one or more services.