FileAudit Documentation
FileAudit Documentation
You are here: Reference > Reporting > Access reports

Access Reports

FileAudit offers a set of predefined reports on file and folder access events, based on access types.

  • All access events
    All events, without predefined filter
  • Audited paths
    Quick filtering on one or more precise paths
  • Windows servers
    All events from Windows servers
  • Cloud Storage Providers
    All events from cloud storage (add-on Cloud required)
  • File and folder changes
    All events of type Delete, Write, Write attributes, System, Permissions and Appropriation
  • File rename
    All file rename events
  • Files read
    All read events
  • Files writes
    All write events
  • Deleting files and folders
    All deletion events
  • File executions
    All execution events

Denied accesses reports

FileAudit also offers reports on denied access:

  • All denied access
  • Denied file reads
  • Denied file writings
  • Denied deletions

Filters

To access the access report filter and perform a search action, click the "Filters" button. The filter form will appear. Select your criteria and apply the filter.

If filters are applied, the "Filters" button will indicate the number of filters applied.

The Server & Path filters

  • Server: Display events from a specific server. All your audited Windows & Cloud servers will appear in this list. The Auto mode will automatically resolve the server if a path is entered.
  • Object type: You can display events on files and/or folders.
  • Path: You can display events on files and/or folders. Take note:
    • The ‘Path(s)’ field of the ‘File Access Viewer’ supports ‘*’ (any string) and ‘?’ (any character) wild characters.
    • If you enter a file/folder path not currently monitored, FileAudit will detect and propose that the audit configuration be set up via its wizard. Follow the different steps to configure the NTFS audit for this new path.

The What filters

The Who filters

  • Domain: You can display events for a specific domain by typing its netbios name.
  • Group: You can display events for members of a specific Active Directory group.
  • User: You can display events for a specific Active Directory user.


An advanced syntax allows you to exclude or include multiple users in the Group and User fields. See below for more details.

Please note:

  • Groups without users are not allowed (e.g., a group of machines).
  • Groups of sub-domains or parent domains are not supported.
  • If the service just (re-)started, it needs some time to build the list of groups. As a consequence, during this timelapse, any selection will be denied (generally a matter of seconds).

The Source filters

  • Client IP Address: This allows you to specify the IP address of the machine from which the access has been performed (if the access is performed through the network).
  • Client name: This allows you to specify the name of the machine from which the access has been performed (if the access is performed through the network).
  • Process: This allows you to specify the name of the process generating the access attempt (if the file/folder is accessed locally - i.e. on the machine hosting the file/folder).


You can reset all filter configuration options to default by clicking on the 'Reset' button.

Include or exclude users

User and Group filters can be used to include or exclude users from the results. To include more than one user or group, separate entries with commas. To exclude an user or a group, enter the minus sign before the group name or the user name.

Inclusion example
Sales, Marketing


All accesses of Sales and Marketing group members will be displayed.

Exclusion example
-Marketing


Accesses of Everyone except Marketing group members will be displayed.

Inclusion + exclusion example
Sales, -Managers


All accesses of Sales group members will be displayed, except for users also members of Managers group.
If there are no common members betweenSales and Managers groups, it will include all Sales members. If all members of Sales are members of Managers, no data will be displayed.

Status bar

The status bar indicates which filters are enabled for the current view. Furthermore, if you re-open the Filter display, your previously selected filter criteria will still be visible: