If an Active Directory Browser grid has an Action column, you can run an investigation against the login or account.
To run an investigation
- On the Tools menu, click Knowledge.
- Click the Active Directory User Browser or Active Directory Group Browser.
- Configure the following values in the Quick Search Toolbar at the bottom of the window.
In the past. Enter the number of minutes, hours, or days to use in pulling the log data
Include. Select the classifications to use as filters for the investigation
Options. Set specific options for:
Use Investigator. Defaults to Platform Manager Search, but can change to Data Processor Search if Configure New Investigation is selected.
Use Log Miner. Uses LogMart
Query Platform Manager
- Query Default Data Processors. Default Data Processor uses the defaults accessible by going to My LogRhythm, and then clicking My Preferences.
- Investigation Wizard. Indicate if you want the Investigation Wizard to open prior to running so that you can set additional criteria.
- Select the Action check box for the records you want.
- Right-click the grid.
- Click Action, and then click the Investigation you want.