Skip to content

Feature/1s reporting updates #207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

Feature/1s reporting updates #207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cd19627
1Secure classifier app config
dimav78 Sep 10, 2025
cd609a5
Add 1Secure SharePoint Online Data Classification setup guide
dimav78 Sep 10, 2025
7c80a56
Update 1Secure documentation for reporting and activity selection cha…
dimav78 Sep 15, 2025
f963488
Reorganize compliance reports by adding Permissions category
dimav78 Sep 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added docs/1secure/admin/organizations/sourcesandconnectors/addconnectorspo.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
4 changes: 4 additions & 0 deletions docs/1secure/admin/organizations/sourcesandconnectors/computer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,10 @@ the following:
- Advanced Activity Selection – Select this checkbox to choose the successful and failed actions to
audit on the computer.

:::note
By default, Read activity is not available for auditing. Contact Netwrix support if you need it.
:::

![Advanced Activity Selection options](/images/1secure/configuration/computer/objectlevelaccessaudit.webp)

**Step 10 –** Click **Finish**.
Expand Down
5 changes: 4 additions & 1 deletion docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ pane is displayed.

**Step 6 –** Click **Next**.

![Choose New Connector %28Step 3 of 3%29 pane](/images/1secure/admin/organizations/sourcesandconnectors/addsourcesharepointonlineconnector.webp)
![Choose New Connector %28Step 3 of 3%29 pane](addconnectorspo.png)

**Step 7 –** The Choose new connector (Step 3 of 3) pane lists three connectors for SharePoint
Online. Specify the following:
Expand All @@ -78,6 +78,9 @@ Online. Specify the following:
switch to ON to allow 1Secure to read the documents in order to classify and label them based on
the type of data they contain.

- Establish connection to your Classifier app – See the
[Configure SharePoint Online Classification App](/docs/1secure/configuration/registerconfig/1secure-classifier-setup-guide.md)
topic for additional information.
- Run OCR to improve classification of images (increases processing time) – Toggle this switch
to ON to use Optical Character Recognition (OCR) to scan images for text, which helps to
classify the sensitive data more effectively. Note that this increases the processing time for
Expand Down
20 changes: 13 additions & 7 deletions docs/1secure/admin/searchandreports/activity.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ Activity reports are available under the following categories.

- [Overview](#overview)
- [Active Directory](#active-directory)
- [Active Directory and Entra ID](#active-directory-and-entra-id)
- [Microsoft Entra ID](#microsoft-entra-id)
- [Exchange Online](#exchange-online)
- [File Server](#file-server)
Expand All @@ -64,21 +65,26 @@ Activity reports are available under the following categories.

| Report Name | Description |
| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Accounts Deleted | Lists all user accounts that have been deleted. It also provides information about when and by whom the accounts were deleted, which can help identify any unauthorized or suspicious activity within the system. |
| Accounts Enabled | Lists all user accounts that have been disabled. |
| Accounts Disabled | Lists all user accounts that have been disabled. It also provides information about when and by whom the accounts were disabled. |
| Accounts Locked Out | Lists all user accounts that have been locked out. It also provides information about when and by whom the accounts were locked out. |
| Accounts Password Tempered | Lists the user accounts where the password has been altered. It helps to detect unauthorized password changes. |
| Administrative Group Membership Changes | Lists changes to membership of the Domain Admins, Enterprise Admins, Schema Admins, Account Operators, and other administrative groups. Members of these groups are entitled to perform critical activities in your IT infrastructure. Subscribe to this report or review it on a regular basis to detect security issues and ensure that administrative group membership is granted or revoked in compliance with your organization's security policies. |
| All Active Directory Changes | Lists changes to all Active Directory objects including changes to permissions, configuration, etc. This is the most comprehensive report on Active Directory changes. Use it when you need to review every single change to any Active Directory object. |
| All Logon Activity | Lists all user login attempts across the Active Directory. It helps track the login trends, such as repeated failed login attempts. |
| Computers Removed | Lists all computer accounts that have been deleted. It also provides information about when and by whom the accounts were deleted, which can help identify any unauthorized or suspicious activity within the system. |
| Failed Logons | Lists the failed login attempts. It is useful for identifying the potential security issues, such as unauthorized users trying to access the system. |
| Members Added to Administrative Group | Lists all users who have been added to administrative groups. It helps administrators monitor changes to privileged groups and ensures that only authorized users have elevated access. |
| Members Removed from Administrative Group | Lists all users who have been removed from the administrative groups. It helps administrators monitor changes to privileged groups and ensures that only authorized users have elevated access. |
| Organizational Unit Management | Lists changes made to organization units including, changes to name, description, delegation settings, etc. |
| Security Group Membership Changes | Lists changes made to security groups including, changes to group membership, permissions, descriptions, etc. |
| User Account Status Changes | Lists changes made to the status of user accounts, such as enabling, disabling, locking, or unlocking accounts. |

## Active Directory and Entra ID

| Report Name | Description |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Accounts Deleted | Lists all user accounts that have been deleted from both Active Directory and Entra ID. It also provides information about when and by whom the accounts were deleted, which can help identify any unauthorized or suspicious activity within the system. |
| Accounts Disabled | Lists all user accounts that have been disabled in both Active Directory and Entra ID. It also provides information about when and by whom the accounts were disabled. |
| Accounts Enabled | Lists all user accounts that have been enabled in both Active Directory and Entra ID. |
| Accounts Locked Out | Lists all user accounts that have been locked out in both Active Directory and Entra ID. It also provides information about when and by whom the accounts were locked out. |
| All Logon Activity | Lists all user login attempts across both Active Directory and Entra ID. It helps track the login trends, such as repeated failed login attempts. |
| Failed Logons | Lists the failed login attempts from both Active Directory and Entra ID. It is useful for identifying the potential security issues, such as unauthorized users trying to access the system. |
| User Account Status Changes | Lists changes made to the status of user accounts in both Active Directory and Entra ID, such as enabling, disabling, locking, or unlocking accounts. |

## Microsoft Entra ID

Expand Down
Loading