Audit Search Criteria
The search fields are inclusive or "AND" type searches. Only actions matching values specified in all fields are included in the search results.
To limit the search results, use search criteria. If you do not type information or make a selection in a search criteria field, all possible choices are included. For example, if you do not provide a type in the Type field, events with any action type are included.
Specify the search criteria and columns to display and click Run Search to display the search results. From the search results page, you can review the results of your search and save the search. See Search Results.
Criteria |
Description |
Saved Searches: |
|
Search Name |
The names of past searches that you saved to reuse at a later time. These Saved Searches are only available for your use. To make searches available to users with Report access, save the search as a report. |
Loaded Saved Search: |
|
The name and description of your current saved query. |
|
Run Search |
Run the search with the criteria displayed on the current page. If you have modified the criteria of the Loaded Saved Search, the modified criteria is used for the search. |
Clear Search |
Unload the Loaded Saved Search and clear all query options. |
Delete Search |
Delete the specified Loaded Saved Query. |
Audit Attributes: |
|
Action |
The action that was performed, for example, login, delete or signoff. |
Source |
The string that identifies the source of the event. The source is generally the name of an Identity object. The source can also be a less specific name such as, "scheduler" or "system." When the event occurs during an interactive session with the IdentityIQ Web application, identity names are used. When background tasks or anonymous requests are not run for a specific identity, abstract names are used. |
Application |
Type manually or use the dropdown list to select an audited application. |
Instance |
Type manually or use the dropdown list to select an instance of a specified audited application. |
Attribute Name |
Type manually or use the dropdown list to select an audited attribute name. |
Attribute Value |
Type manually or use the dropdown list to select a value of a specific audited attribute. |
Target |
The object that was acted upon. |
Account Name |
Type manually or use the dropdown list to select an audited account name. |
Filter by Date: |
|
Start Date |
Include information on events that occurred on or after this date in the search results. |
End Date |
Include information on events that occurred on or before this date in the search results. |
Fields to Display |
Specify the information displayed on the Audit Search Results page associated with this search. You must select at least one field to display on the results page. |