Veritas Advanced Supervision User Guide

Last Published:
Product(s): Enterprise Vault.cloud (1.0)
  1. Introducing Advanced Supervision
    1.  
      About Advanced Supervision
    2.  
      Advanced Supervision features
    3.  
      About Advanced Supervision system security
    4.  
      Advanced Supervision multi-tier architecture
    5.  
      System requirements
  2. Getting started
    1.  
      Signing in to Advanced Supervision
    2.  
      Signing out from Advanced Supervision
    3.  
      Launching Enterprise Vault.cloud applications
    4.  
      Resetting a forgotten password
  3. Working with dashboard widgets
    1.  
      Understanding the Dashboard page
    2.  
      Viewing status summary of recently reviewed departments
    3.  
      Viewing the review status summary of escalated items
    4.  
      Viewing a summary of completed searches
    5.  
      Viewing a summary of completed exports
  4. Managing departments
    1.  
      About departments
    2.  
      Understanding the Departments page
    3.  
      Searching departments
    4.  
      Creating departments
    5.  
      Moving existing departments under other departments
    6.  
      Adding monitored employees to departments
    7.  
      Editing monitoring policies
    8.  
      Editing department details and monitoring policy
    9.  
      Managing exception employees
    10.  
      Designating employees as exception employee
    11.  
      Assigning further exception reviewers to an exception employee
    12.  
      Removing exception status
    13.  
      Removing exception reviewers
  5. Managing department users
    1.  
      Assigning department reviewers
    2.  
      Removing department reviewers
    3.  
      Adding new roles for users
    4.  
      Removing roles
    5.  
      Managing user assignment to departments
  6. Managing department searches
    1.  
      About searches in Advanced Supervision
    2.  
      Guidelines for effective searches
    3.  
      Creating and running Advanced Supervision searches
    4.  
      Disabling scheduled searches
    5.  
      Using proximity searches
    6.  
      Using fuzzy searches
    7.  
      Previewing search results
    8.  
      Accepting search results
    9.  
      Rejecting a search result
    10.  
      Resubmitting a search
  7. Managing department-specific hotword sets
    1.  
      Overview
    2.  
      Creating department-specific hotword sets
    3.  
      Editing department-specific hotwords and hotword sets
    4.  
      Deleting department-specific hotword sets
  8. Managing department-specific trash rules
    1.  
      Overview
    2.  
      Creating department-specific trash rules
    3.  
      Activating department-specific trash rules
    4.  
      Deactivating department-specific trash rules
    5.  
      Propagating department-specific trash rules
    6.  
      Unpropagating department-specific trash rules
  9. Managing department-specific allowlist rules
    1.  
      Overview
    2.  
      Creating department-specific allowlist rules
    3.  
      Editing department-specific allowlist rules
  10. Viewing employees associated with departments
    1.  
      Viewing employee association history
  11. Managing application-level users, roles, and permissions
    1.  
      Overview
    2.  
      Predefined user roles and permissions
    3.  
      Adding new roles for users
    4.  
      Editing user roles
    5.  
      Deleting user roles
    6.  
      Assigning roles to users
    7.  
      Removing a user role
  12. Managing application-specific hotword sets
    1.  
      Overview
    2.  
      Creating application-specific hotword sets
    3.  
      Editing application-specific hotwords and hotword sets
    4.  
      Deleting application-specific hotword sets
  13. Managing application-specific trash rules
    1.  
      Overview
    2.  
      Creating application-specific trash rules
    3.  
      Activating application-specific trash rules
    4.  
      Deactivating application-specific trash rules
    5.  
      Propagating application-specific trash rules
    6.  
      Unpropagating application-specific trash rules
  14. Managing application-specific allowlist rules
    1.  
      Overview
    2.  
      Creating application-specific allowlist rules
    3.  
      Editing application-specific allowlist rules
  15. Managing data requests
    1.  
      About data request
    2.  
      Creating a new data request
  16. Managing search schedules
    1.  
      Overview
    2.  
      Setting up new search schedules
    3.  
      Setting up one-time search schedules
    4.  
      Example of a one-time search schedule
    5.  
      Setting up recurring search schedules
    6.  
      Example of a recurring search schedule
    7.  
      Editing search schedules
    8.  
      Deleting search schedules
  17. Managing export operations
    1.  
      About exporting items
    2.  
      Performing export runs
  18. Managing reviews
    1.  
      About reviewing with Advanced Supervision
    2.  
      Limitations on reviewing certain types of Skype for Business content
    3.  
      Understanding the Review page
    4.  
      Changing the Review pane position
    5.  
      Filtering the items in the Review pane
    6.  
      Manually reviewing items
    7.  
      Assigning review status to items
    8.  
      Viewing hotwords highlighting
    9.  
      Viewing the full content in a new window
    10.  
      Adding comments to items
    11.  
      Viewing the history of items
    12.  
      Printing the original versions of items
    13.  
      Downloading the original versions of items
  19. Working with reports
    1.  
      About Advanced Supervision reports
    2.  
      Predefined report types
    3.  
      Generating reports
  20. Managing Audit Settings
    1.  
      Audit Settings Overview
    2.  
      Editing the Audit Settings
  21. Working with Audit viewer
    1.  
      About Audit viewer
    2.  
      Performing a search for audit records

Performing a search for audit records

To run a search for audit records

  1. In the left navigation pane, click Audit viewer.

    The Audit Viewer screen is displayed.

  2. In the Date range section, specify the date range for the audit records that fall in this duration.

    The options are as follows:

    • Specific date range - Specify the date and time duration to search audit records that were sent or received during the selected period.

    • Today / Yesterday / Last 7 days / Last 14 days / Last 28 days - Search audit records that are created today, yesterday, or in last 7/14/28 days.

    • Do not filter - Do not search for audit records based on date range.

  3. To search by departments, select the appropriate option:
    • All departments - Search for audit records generated at the department level for all departments where the logged-in user has permission to view audit information

    • Select department(s) - Search for audit records for specific departments or exception departments. If you select this option, the Selected departments section appears. Only those departments where the logged-in user has permission to view audit information are displayed. Click Add to search and add departments. You can remove the listed departments from the list using the Remove link.

    • Do not include departments - Select this option if you do not want to search for audit information generated at the department level. If this option is selected, you must select either Include application level records or Include historical data option.

  4. Select the Include application level records check box if you want to search for audit records generated at the application level.
  5. Select the Include historical data check box if you want to include audit information at the following level:
    • Deleted department

    • Closed department

    • Monitored employees whose exception status is removed

    Note:

    You can select the Include application level records and Include historical records if you have the View Audit information permission at the application level.

  6. Use Advanced search options to narrow the search for audit records. The following additional options, such as operation type, user, and property, are available. You can add a new search row by clicking the + icon.

    Module name

    Module

    Operation type

    Select operations such as Create, Update, and Delete.

    User

    Select audit records based on users. You can enter one user per line. Press the Enter key to add another user on next line. Audit records having any of these usernames are returned.

    The Username field supports wildcards * and ?. You can use an asterisk (*) wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character.

    Wildcards can be escaped using \. Therefore, \* represents the character * whereas * represents the wildcard. All the provided values are matched if the search is present anywhere in the data. You cannot use special characters in the Username field. Also, special characters which appear in the middle of the text using wildcard cannot be matched.

    For example, a search term MyDomain*vsa will not match the data MyDomain\user1, but will match the below search terms:

    • Mydomain\user1

    • Mydomain user1

    • Mydomain

    • user

    Changed Property

    Search for a property changed in an audit event using the following options. Press the Enter key to add another entry on next line.

    • Property name: The name of the changed property whose value you want to search. For example, Department parent or Role name. You can use a wildcard to match multiple properties.

    • Previous value: The previous value (before modification) of an audit record's changed property. This field supports wildcards and partial matches.

    • Current value: The current value of an audit record's changed property. This field supports wildcards and partial matches.

    Note:

    You can search for multiple changed properties in a single search; however, you cannot search for the same changed property twice.

    All the provided values are matched if the search is present anywhere in the data. You can use special characters in your search. These fields support the use of wildcard characters * and ?. You can use an asterisk (*) wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character. Wildcards can be escaped using \. Therefore, \* represents the character * and not wildcard *. Since \ is an escape sequence, you can escape \ by using \\.

    For example, if a username in the Current value or Previous value fields of the property is Acme\John Doe. To search for this, you can provide any of the following search terms:

    • Acme*

    • Acme\\John Doe

    • Acme*John Doe

    • *John

    Note that wildcards present in the middle of search terms can match special characters. For example, in the above example, Acme*John Doe search terms match Acme\John.

  7. Click Search to perform the search for audit records.

    When the search is executed, the search results are displayed. A maximum of 10000 audit records can be displayed.

    In the left panel, the audit records matching the search criteria are displayed. The newest audit records are displayed first. You can sort the records in ascending or descending order by using the sort arrow icon in the header of the columns. When you select an audit record in the left panel, its changed properties are displayed in the right pane.

  8. From the Actions menu, click Export as CSV if you want to export the search results.
An example of an advanced search for audit records

An advanced search always ANDs the criteria specified for each of the Operation type, User, and Changed property fields, whereas multiple values in the same field are always ORed. Multiple Changed property fields are always ANDed.

For example, the advanced search options are used as displayed in the following diagram:

Here, the search can be interpreted as below

ModuleName is Role OR RoleAssignment AND OperationType is Create OR Update AND User contains SOFIA\VSA AND Changed property - PropertyName contains "Role", the Previous value contains dep*, the Current value can be anything.

These search criteria return all audit records which have Module name as either Role or role assignment, and Operation type as Create or Update and change done by user SOFIA\VSA and where Property - Role is changed with the previous value that contains dep