Enterprise SIEM, Centralized Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software
Table of Contents

Azure Active Directory Audit Log Reports

Azure Active Directory Audit Log Reports enable you to scan the consolidated log database for specific entries. This report is typically used by compliance and audit professionals to audit Azure Active Directory Audit Logs.

Azure Active Directory Audit Log Reports optionally use Regular Expressions to parse log entries, extract values, then finally filter entries using Azure Active Directory Audit Log Filters. This report is supported on all locales.

How to create an Azure Active Directory Audit Log Report

  • From the Menu Bar select File | New. The Create New Object View displays.
  • From the Create New Object View, expand Reports.
  • Expand Report | Log Consolidation Reports then select Azure Active Directory Audit Log Report. The Properties View displays.
    Information Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license.
  • The Properties View contains 6 configuration tabs.
    • General
    • Explicitly Assigned Logs
      Alert This report requires users to explicitly assign each log to include in the report.
    • Columns
      Alert Once you have explicitly assigned the logs to include in the report, click Load Columns. The existing column definitions are replaced with the column definitions that correspond to the log type you have assigned. If you select multiple log types, each log type's column definitions are combined together.
    • Options
    • Date/Time Range
    • Actions

The Options Tab

  • Use the Filters drop-down to select all of the filters you would like to apply to the report.
    Alert To target specific columns (e.g. New Logon Account Name), create a Complex Azure AD Audit Log Filter then, create a new Attribute Value Pair Criteria, specify the column's key (e.g. USER) then, specify the account name or regular expression to target.
    Sample Azure AD Audit Log success audit filter.
  • Once a filter is assigned, use the Include entries that pass drop-down to select the filter method.

    The following filter options are available:

    AllInclude each entry that passes all assigned filters.
    AnyInclude each entry that passes any filter.
    NoneInclude each entry that does not pass any of the filters.
    IgnoreInclude all entries.
  • Use the Apply filter frequency rules to display the Latest or Oldest entry when it occurs more than X times every X periods.
    Information A unique instance of these settings is attached to each assigned filter. Select the Filter to apply each instance's settings.
    Sample Azure Active Directory Audit Log report properties

Related Topics