Understanding Audit Views and Filters
-
- Last UpdatedMar 14, 2025
- 2 minute read
The ability to drill down and analyze audit data in SecureSphere is derived from the filters and views built into the audit feature. SecureSphere provides a hierarchal set of filters that enables you to select a specific cross-section of data, then drill down to view individual events. If the view does not provide enough granularity, you can apply a filter or configure a more specific time frame (according to your local time zone), then view the data again. Once you’ve obtained the data you require, you can drill down on that data and view specific events. SecureSphere auditing provides four basic tools that defines what data to display on the screen, as illustrated below.
The following table lists the available audit tools.
Audit Viewing Filters
Name |
Description |
||
---|---|---|---|
Policy |
Selects the policy whose data you want to view and displays the number of events currently in the system for each policy. Note: To update the number of events, click refresh. Enables you to select different policies for viewing that include: Applied Policies: Lists all policies currently applied to elements in your network. Loaded Archives: Lists all policies related to data that has been imported into SecureSphere from an archive. For information on how to import archived data, see Importing Audit Archives for Analysis. Unapplied Policies: List all policies that are not currently applied. If a policy is selected here and has not been previously applied, no data is displayed. |
||
Time Frame |
Determines the time frame (according to your local time zone) of data to be displayed.
Note: When selecting Last Month, queries data for last 30 days. When selecting Last Week, queries data for last 7 days. For further information on Fast Viewing, see How Audit Data is Maintained by Imperva DAM. |
||
View Pane |
Lists the available views used to display audit data. Views provide an easily readable cross-section of data in standard layouts. For a list of DB audit views, see Understanding DB Audit Views (per Policy). |
||
Filters |
Uses standard SecureSphere filter capabilities to drill down and select particular criteria to display. For example, you can select all records that relate to a specific database user. Applied filters are retained when switching between views. Filters are only removed when you select clear or log out of the system. |