2.2 Examples of Using the Change Guardian Dashboard

This section gives examples of using the Chart View and the Grid View.

2.2.1 Example: Analyzing the Data in the Chart View

Arvanti is responsible for the organization's Active Directory server. She monitors changes to the Active Directory deployment by using the Change Guardian dashboard. She uses the default filter to view all the unmanaged or unauthorized events of the previous day.

One morning, Arvanti finds that the chart view displays an increase in the average number of change events over the past day. She reviews the events dashboard specific to Active Directory and observes that this set of change events was initiated by three users. She reviews the Top Users list and the Top Events list, and finds a higher than usual number of User account was created events. She selects the User account was created event to analyze the event details and investigate all User account was created events from the last day.

2.2.2 Example: Analyzing the Data in the Grid View

Mandy routinely analyzes change events and prefers to work directly with event data. One day a peer tells her that there was some unusual activity on the Microsoft Exchange server over the weekend, mostly on Sunday.

Mandy opens the Change Guardian dashboard and modifies the filter to view all change events from Sunday 6:00 a.m. to 6:00 p.m. She selects the Microsoft Exchange events and switches to Grid View.

In the Grid View, Mandy first groups events by Event Name. She observes an unusually high number of Mailbox Create and Mailbox Delete events. To get further details, Mandy expands the list of Mailbox Create events and reviews the details of each event, such as who created the mailbox, what mailbox was created, from where the user logged in, and what time the event occurred. Mandy identifies one suspicious user who made multiple changes, and she changes the filter to the past one week to view the events generated by that user. She reviews all the activities performed by the user to check for any security breach.