In this article: |
Track Audits
Once an audit is initiated, its record is listed on the Audits page. Use the My and Company toggles to switch between audits you created and audits created by other users in your company.
The Audits page displays initiated audits with the following details:
Name and type – displays the audit name and indicates whether it is a Data Audit or a Content Audit.
Audit Period – the configured audit period.
Repository – the selected repository.
Tenants – the selected tenant (if any).
Data Plane – the selected Data Plane.
Created – the date and time and the user who created the audit.
Actions – enables performing the following actions by clicking three-dots and selecting one of the options from the menu:
Rename – rename the audit.
Generate a Report – create a downloadable audit report in one of the available. formats. For details on generating and downloading reports, go to this guide.
Share to Company – make the audit available to all users in your company.
Delete – delete the scan.
Demo Audit
You can use the Demo Investigation that shows the Data Audit results for a Demo Data Plane.
Once your organization finishes the first Investigation, you can turn off displaying the Demo Investigation using the Show Demo switch on the Audits page.
Track Scans
Once a scan is initiated or scheduled, its record is listed on the Scans page. The Scans page displays scan information across two tabs.
Investigations
Schedules
Use the My and Company toggles to switch between scans you created and scans created by other users in your company.
Investigations
The Investigations tab displays all initiated scans with the following details:
Name and type – displays the scan name and indicates whether it is a Rules for Alerting or Threat Scan.
Scenario and Period – the selected threat hunting scenario and the configured scanning period.
Triggers – number of triggered queries and number of hits.
Tenants – the selected tenant (if any).
Data Plane – the selected Data Plane.
Created by – the date and time and the user who created the scan.
Status — the current scan state (In progress, Successfully finished, or Stopped) along with the date and time when the status was last updated.
Actions – enables performing the following actions by clicking three-dots and selecting one of the options from the menu:
Stop Scan – terminate the scanning process if it’s still in progress.
Scan Logs – view the list of completed scans with queries that ran successfully and which failed, along with their corresponding error messages.
Rename – rename the scan.
Generate a Report – create a downloadable scan report in one of the available formats. For details on generating and downloading reports, go to this guide.
Share to Company – make the scan available to all users in your company.
Delete – delete the scan.
Note: The scan is completed and ready for checking its results when it has the corresponding status Successfully finished marked as a solid green circle with a black checkmark. Otherwise, it will have the In progress status.
Schedules
The Schedules tab displays the list of all scheduled scans along with the following details:
The status of the scheduled scan.
Parameters – the scanning frequency as per schedule.
Scenario and Period – the selected threat hunting scenario and the configured scanning period.
Data Planes – the selected Data Plane.
Last Launch – the date of the last scan launch.
Next Launch – the date of the next scheduled scan launch.
Actions – enables performing the following actions by clicking the corresponding icon in the right-hand side corner next to the selected scan:
Logs – view the list of all investigations, the date and time of their launch, duration, and status (Finished, Canceled, Running).
Delete – delete the scheduled scan.
Demo Scan
You can use the Demo Investigation that shows the scan results for a Demo Data Plane.
Once your organization finishes the first Investigation, you can turn off displaying the Demo Investigation using the Show Demo switch on the Scans page.