Hello, in this video we'll demo some new features in Quest IT Security Search Version 11.4.1 Update 1. Now that IT Security Search has customizable grid columns, you can create search result layouts with specific event fields that you're interested in. Suppose you're working with changes to AD users. Now you can add the Whom column to have a more detailed Event Grid.
If you're looking at authorization attempts, what log on, then it's convenient to have the Result column to tell you if the attempts are successful. And you can remove Whom to save some space since we're focusing on a specific event type.
After that, you can save the results in a format that suits you: export to PDF or CSV. Remember that different kinds of events can have different sets of fields. To get the full list of available event fields, open the details view. The newly added current user parameter lets you enable every user to search only for those events where that user is the initiator.
This is how you set this up. Assign permissions to the relevant group and those permissions are applied to all the group's members. As an example, suppose your work accounts may have a lot of lockouts for no particular reason.
You can delegate responsibility to investigate the reason to the end users. You need to specify who, context current user in the permission setting. And then you can provide end users with a generic IT Security Search query URL, what log on.
When the end user clicks on it, they will only see authorization attempts for their user accounts. They can browse the events to verify it was actually them who logged on in all cases. You can use context dot current user both in searches and in the role-based access configuration.
Suppose you had a data leak, and you want to investigate who, except the administrators, had access to a specific file. With search and search capabilities available, you can use a single combined search to get data that couldn't be obtained by a regular search. You get the account names of all employees who are not in the administration department and who tried to open the file.
Let's see how search and search works. You type in an expression to find all users that aren't in administration. Then you add the pipe character and type the next expression. That subsequent expression will be applied to the results of the expression to the left of the pipe. Repeat that as many times as needed.
After the results are found, you find some suspicious events. Here, a person who isn't in administration opened the file successfully. Thank you for watching. For more information, please visit quest.com.