Monitored execution report

If you have configured your auditing installation for advanced monitoring, then this Monitored Execution report shows the monitored commands being executed on the audited computers. This report includes information on commands that are run individually or as part of scripts. This report shows who ran one of the monitored commands even if that person is not an audited user.

The Monitored Execution report includes the user name, the computer where the commands were run, the time the command was run, the name of the command and the command arguments used, the process and parent process IDs, the “run as” user, the directory in which the command run, and whether the command was successful.

Note:   In the report, the Access Status column lists out whether the command was started successfully or not. This field does not describe whether the command completed successfully or not.

Note:   Advanced monitoring does not generate an audit trail event for commands for which you’ve enabled per-command auditing.

You can customize and filter the information included in a Monitored Execution report by specifying the query criteria and saving the report definition.