Users can create queries by defining one or more rules, where each rule consists of a condition (And or Or) and two to three of the parameters described in the following table.
Parameter | Description |
---|---|
Subject | Specifies the parameter of the audit entry that is being queried. The available choices correspond to the columns of the audit entry. |
Operator | Specifies the condition that must be met. This parameter relates the subject to the target. |
Target | Specifies the criteria that must be met. This parameter is relative to the Subject parameter and the Operator parameter. |