Users can create queries by defining one or more rules, where each rule consists of a condition (And or Or) and two to three of the parameters described in the following table.

Parameter

Description

Subject

Specifies the parameter of the audit entry that is being queried. The available choices correspond to the columns of the audit entry.

Operator

Specifies the condition that must be met. This parameter relates the subject to the target.

Target

Specifies the criteria that must be met. This parameter is relative to the Subject parameter and the Operator parameter.