Accessing audited sessions

Your access to audited sessions is controlled either through the audit roles you have been assigned, or through designation as a reviewer if you do not have an auditing role assigned to you. For more information on designating audit session reviewers, see Adding session reviewers without designating auditing roles.

If you have been assigned at least one audit role, or have been designated as a reviewer without an audit role, you can use Audit Analyzer to search for and replay the audited session activity collected from audited computers. Depending on the permissions defined for your audit role, you might also be able to annotate, update the status of, or delete the audited sessions to which you have access. If you have been designated as a reviewer of an audit session, you can only review and updated the status of the sessions to which you have access.

The first time you start Audit Analyzer, you are prompted to select an installation. If you have an audit role in that installation and the connection is successful, Audit Analyzer opens and displays the default categories for predefined queries:

  • Audit Sessions
  • Audit Events
  • Reports