The Monitored Execution report includes the user name, the computer where the commands were run, the time the command was run, the name of the command and the command arguments used, the process and parent process IDs, the “run as” user, the directory in which the command run, and whether the command was successful.
Note: In the report, the Access Status column lists out whether the command was started successfully or not. This field does not describe whether the command completed successfully or not.
Note: Advanced monitoring does not generate an audit trail event for commands for which you’ve enabled per-command auditing.
You can customize and filter the information included in a Monitored Execution report by specifying the query criteria and saving the report definition.