If an Active Directory Browser grid has an Action column, you can run an investigation against the login or account.
To run an investigation
-
On the Tools menu, click Knowledge.
-
Click the Active Directory User Browser or Active Directory Group Browser.
-
Configure the following values in the Quick Search Toolbar at the bottom of the window.
-
In the past. Enter the number of minutes, hours, or days to use in pulling the log data
-
Include. Select the classifications to use as filters for the investigation
-
Options. Set specific options for:
-
Use Investigator. Defaults to Platform Manager Search, but can change to Data Processor Search if Configure New Investigation is selected.
-
Use Log Miner. Uses LogMart
-
Query Platform Manager
-
Query Default Data Processors. Default Data Processor uses the defaults accessible by going to My LogRhythm, and then clicking My Preferences.
-
Investigation Wizard. Indicate if you want the Investigation Wizard to open prior to running so that you can set additional criteria.
-
-
-
Select the Action check box for the records you want.
-
Right-click the grid.
-
Click Action, and then click the Investigation you want.