Feature request - Alerts
On the Alerts tab and under the "Profile Based Alerts" column I would like to be able to see the count/number of alerts per profile as when you get thousands of alerts it is easier to see how all the alerts are spread out.
Widgets from ADAP
Hi ALL We use SDP and there are some Widgets form OpManager. We want include some data from ADAP too but it don't has any widgets options ( Our Helpdesk Team needs Widgets like: Recently Locked Out Users, Recently Disabled Users and other reports Could
Multiple Schedules on Reports
I had a single report that I had to clone 10 times because I wanted it to run at different times. Attaching multiple schedules to same report would be great!
Stop auto-running the reports when selecting it from the menu.
Turn off automatic running of a report when you select it from the menu. Too much time is being spent on unnecessary db calls when a user is going into a report and it auto-launches as soon as you go into it. Let the user perform the criteria and then be presented to a "Run Report" button.
Feature request: Alert for a same source user
Currently, when we configure an alert in ADAP, we have the option to configure 'Threshold based alerts'. That way we can set a number of events within a given time period so that the alert is triggered. It would be useful if you had the option 'from the same source user'. In this way, we could generate an alert if the same user made changes to several files in a short period of time, for example (in this way we would even know if it was a ransomware attack).
Reduce number emails for some alerts (or more intelligent alerting)
I have configured an email alert for Security Group Modified, which sends an email when a user is added or removed from a group. However, if I add 20 users, I get 20 email alerts. Can we get an more intelligent email alert that combines these into one? For example, "Security Group Modified - 20 accounts added"? Also, when a user account is created, it gives me separate alerts for User Enabled, User Created, User Renamed for that single action of creating a user account.Can you add alerting rules,
Granular Exclusions for File Auditing
It seems like you can exclude an account from having it's file auditing events collected but ideally, you would be able to exude certain events from being collected on a per account basis. For example, I have a product that collects detailed file statistics from my large file server. At times, it needs to trawl shares and this generates a huge amount of read operations. I'd like to exclude these read events from being collected but collect any file deletions it might make or other changes.
Include 'Pre-Windows 2000 Name' attribute in reports
Hi guys, please consider including the 'pre-windows 2000 name' in reports and data collection. This would be very useful to us in our reports.
Ability to Copy Report Profiles
Please add the ability to copy report profiles
Ability to Copy Alert Profiles
Please add the ability to copy alert profiles
Exclude Service Account from specific IP or Computer
I think it's great that I can exclude known Service Accounts as they generally log a lot of unnecessary information. Would it be possible or good idea to have a feature where you can exclude a service account only from a specific IP address or computer? This way you can see if the account is being used outside of what system it was intended for.
Ability to Copy Rule Groups in Custom Audit Actions
Recently doing a lot of work with custom audit actions. Would be nice if one could copy and existing rule group and past within the same audit action. For example, On one custom audit actions i needed to it take into account the file name involved. That meant re-creating the same rule group 25 times within the same audit action and then adding an additional filter in each rule group for the file name. very tedious. Of course, if the rulr group logic could simply have been changed to AND ..... :)
Filters Based on Account Exclusion rather Than Inclusion
All the filters on report/alert profiles for file auditing (and other actions) are based on the inclusion of user names i.e. if username X accesses this file alert me. You can also include groups. However, often, especially with file auditing we wish to alert if any user except X access a file. Currently, do to this one must duplicate all file auditing actions and filter against the username you wish to exclude which is very cumbersome.
Product Roadmap
It would be nice if there were some community visible road map or the product so we could see what was planned for the next release and future releases. A kind of 'what we are working on blog'
search by username instead of full name
Would be nice to do a logon history report on a user, and be able to type in the username instead of the full name of the user when selecting the account to search for.
Collect Logon Audit from NetApp Filers
The ability to collect CIFS logon audit events from NetApp filers if this setting is enabled on the filers: cifs.audit.logon_events.enable
Exclude arbitrary username
The product allows you to exclude domain accounts from collection i.e. events with that account name in it will not be collected and aggregated into reports. What would be great though is that if the product could also excluded non-domain accounts. non-domain account generate 'Unknown username' event son the domain. one such example we face is highlighted here: https://support.microsoft.com/en-us/kb/2591305 we get thousands of these daily due to the way the Exchange 2010 MP works. Would be nice to
Ability to copy custom reports
Would be nice to be able to copy custom reports. Often I need to create the same report and just change something basic like the filtering for a user. I currently have over 200 custom reports. Would be nice to be able to clone them or create a template etc.
Event Field Variable Expansion for Alert E-Mail addresses
I often create alerts for accounts locking out/bad passwords etc. Normally I use an advanced alerts to specify thresholds for these events and filter them to a specific user. What would be nice would be if you could use the fields from the event in the email address like you can in the custom alert message. For example, I could then fire UserA and email when they have had many bad passwords in a week by expanding the %USERNAME% variable on the custom alert. Currently, I have to create an alert profile
Alert Profiles - Include Link to Report Profile
Would be nice to be able to include a hyperlink to a report profile in an email alert. The reason I ask is we have configured many alerts to go to admin users when their accounts have a high rate of failed logons against them (i.e. if they have left themselves logged on onto servers and their passwords expire). We can easily fire them an alert indicating that there had been a high password failure against their accounts. However, I would also like to include a link to the report profile so they could
Reports to show which GPO being applied
Please consider adding reports to show policies being applied so we can trace down to know if a particular policy is causing issues or if a newly created policy is working as expected.
Ability to copy report profiles
Would be very handy when creating many profiles.
Add Dynamic Reporting Periods for 'Year to Date'
Would be great to be able to select a reporting period of 'Year to Date' that would run from the first day of the year to the current date. Same goes for Current Month etc.
Set a Default Reporting Period
Most reports seem to have a default reporting period of 24 hr resulting in a long rendering time for environments like mine with a lot of audit data. Ideally, within the UI, you should be able to set the default period to any time period (built in or custom) either globally or per report.