7.2 Compliance Audit Rules

Audit rules specify the events to be pulled in to the Compliance Auditor for viewing and authorization. You can specify:

To add or modify a rule, see Section 7.2.1, Adding or Modifying an Audit Rule.

7.2.1 Adding or Modifying an Audit Rule

You can add, modify, and disable audit rules, but you cannot delete them.

  1. Click Compliance Auditor on the home page of the console.

  2. Click Audit Rules in the task pane.

  3. Select one of the following:

    • To add a new rule, click Add Rule in the task pane

    • To modify an existing rule, select the rule, then click Modify Rule.

    • To copy an existing rule and modify it, select the rule, then click Copy Rule.

  4. Configure the following fields:

    Rule Name: Specify a name for your rule.

    Disable: Select the check box to disable the rule.

    By default, disabled rules are not shown in the rule list. You cannot delete a rule.

    Records and All Records: To collect all records, enable the All Records check box, or deselect the All Records option and set the number of records to be collected on each audit run.

    Audit Role: (Optional) Specify the audit role that has been assigned to a group. For configuration information, see Step 5 in Section 7.1, Controlling Access to the Compliance Auditor.

    Run Filter: To determine the time and frequency of each audit run, use the calendar to set the initial date, then set the frequency as required.

    Audit Category: Select the category of events to audit.

    Add Filter: (Optional) Select one or more filters from the Add Filter drop-down list for the type of event you want this rule to pull in, and configure them as required

    The filters and configuration options depend on the Audit Category selected. For example, you can choose to pull in only those Command Control events that have been submitted by a particular user and that include a session capture.

    You can add more than one filter of the same type for filters such as the Command Control Submit User, then select the logic you require from AND or OR. You can also set these filters to be inclusive or exclusive using matches or does not match.

    You can remove a filter by clicking the button to the left of the filter.

  5. Click Finish.