Hello, I'm Ghazwan Khairi, a strategic systems consultant with Quest. And today, I'm going to demo Quest On Demand Audit. As you can see from the screen, I logged into my On Demand Audit, and I clicked on the Auditing section. These are all the other modules of Quest On Demand. But under the Audit section, there's primarily four tabs in here.
There's the dashboard, which provides a high-level overview of what's going on in my environment. There are three sources for my audit events. There is Azure Active Directory events, for users, and groups, and sign-ins, and tenant information. There is Office 365 events. These are a SharePoint Online, OneDrive online, Exchange Online.
And there's also Active Directory events. This is when we integrate Quest On Demand Audit back to our on-premise change auditor installation. We're able to actually push information about events to this interface. So this provides a holistic view of all audit changes, regardless of where they come from, on-premise or cloud. So we provide a hybrid active directory-- Azure Active Directory, Office 365, Audit interface.
So this is the dashboard. From the dashboard, you'll notice there is a lot of heat maps in here. We have total number of events, unique users generating these events. I can come in here and I can drill down into anything in here and this graph will adjust itself. Here's a timeline of all these events. I can change the times. I can again, from here, select and see exactly what's going on in this specific time period with this specific workload-- in this case, Azure Active Directory, not a workload. So that's what the dashboard will provide for us.
Now, also under the dashboard, there is a Sign-ins section in here. This provides us information about the unique applications we've signed into, the unique users that signed into these applications, and the application names in here. So we can filter on anything that you see here on the screen. So if I just want to filter on who logged in to Microsoft Power BI, I can see this information. Or I can filter by a specific user if I wanted to.
Notice, as I hover my mouse over any of these widgets, there's a few things that pop on the top right-hand side. There are more options where I can export the data, show the data, or put a spotlight on it. Or I can maximize this. So here's my heat map of where the events are coming from. So I can quickly take a look-- if we're a US-based company and I'm seeing events coming from somewhere else in the world, well, that may be a trigger for me that I need to go in further and investigate. Or I can log in specifically into the US, for example, go into Chicago, and take a look at the information. Again, it's very interactive. You can right-click, Show data, Include, Exclude.
Under the Search tab, this is a list of all the events that we have. But we just basically group them based on the source work they're coming from. And we also group them in a way where it's easier for you. And that's what you'll notice is a theme with On Demand Audit. It's very flexible. It's very responsive. Search is extremely fast. You render events in the millions if you want, within seconds.
So you'll notice that there is an Office 365 section in here that shows us all workloads of Office 365, all the events. I can come in here, view it, visualize it, save it, run it, share it with others. There is a Best Practices section. Here's my Azure Active Directory events. These are all out-of-the-box. If I want to make changes to them, I can. Or I can copy them and make changes under my Searches section, which is just mine.
All Events is just if you want to come and take a look at all events, all in one second, at one time. And Active Directory, these are all the events that have been pushed from my on-premise installation of Change Auditor. So if I want to take a look at events by computer, users, groups, I can come in here and trigger any of these events and see what's going on in my environment.
And under My Searches, this is basically searches that I have created-- custom searches that I have created for things that may make sense for me to go after. For example, I want to see where sharing operations on important file types have happened in the last seven days. Or I've created, as you can see here on the screen, show me all events that I've generated that were OneDrive events, or Exchange events, or where I broke inheritance, or I have Azure Active Directory events.
One report that I like to run is, here's a heat map of-- or here's a grid of all the events that I've happened in my environment. And I actually really like the visualization of it. So let's go ahead and trigger that. Here's a visualization of the events. I can come in here and I can drill in my name. I see that I've generated 422 events. And I see all the activities in here. These are all the things that I have done. Again, like we did before, I can come in here and export this data. So I can give you an Excel sheet of what a specific user did. And again, I can do it based on time, against the entire environment.
Let's go to the Alerts section, under the Alerts section-- well, actually, before we go to the Alert section, any of these events, if I click on it, I can set an alert, basically enable an alert. So if any events were created by this user, then an alert will be triggered. Who is this alert going to go to? Now we'll go
07:06