Audit Search

Use the Audit Search tab to generate searches for audit records for specific time periods and for specific actions, sources, and targets. These searches can find and track events. The information included in the audit logs is different than application activity because the events in the audit log are not associated with an application or data source and may not be associated with a specific identity.

See Audit Search Criteria.

Before the audit logs collect any data to use in an audit search, IdentityIQ must be configured for auditing. Because collecting and storing event information in the audit logs can impact performance, a system administrator must specify the general actions and class actions to audit.

Search results can be saved as reports to reuse at a later time. When you save a search as a report, you can schedule the search on an ongoing basis for monitoring and tracking purposes. See Reports.

Use Advanced Search to create detailed, multi-layered filters to identify specific populations of users in your enterprise. To create complex queries into your Identity Cubes, you can create multiple filters and then group and layer them using And / Or operations.

See Using Advanced Search Options.

When a previous search is saved to use later, the Saved Searches section displays at the top of the page. A saved search has the following information:

Field

Description

Saved Searches:

Search Name

The names of past searches that you saved to reuse at a later time. To view the search results page, click the name of the saved search to view the search results page.

These Saved Searches are only available for your use. To make identity searches available to users with Report access, save the search as a report.

Loaded Saved Search:

The name and description of your current saved query.