One of the key features of Audit reports is the ability to set a specific timeframe, allowing you to focus on data from a particular period. This feature is especially useful when you want to:
- Analyze trends.
- Identify anomalies.
- Investigate specific incidents.
The timeframe feature is available for all Audit reports, with the exception of the CoreView Audit log.
Some reports default to a 7-day period, while others default to a 180-day period. The default timeframe is determined based on the volume of logs typically registered. For instance, if a report typically generates a large volume of logs, it might default to a shorter timeframe to provide a more focused view of the data. Conversely, if a report typically generates fewer logs, it might default to a longer timeframe to provide a more comprehensive view.
CoreView will retain these audit records for a duration of 12 months (Microsoft's provision is 90 days). Please note, however, that a tenant's capacity to "revert" is limited to the period since its activation. Consequently, a full 12-month depth of records will only be available one year post-activation.
Customizing the timeframe
You can customize the timeframe by clicking on the calendar icon at the top right of the page. This opens a date picker, where you can select the start and end dates for the report. This flexibility allows you to tailor the report to your specific needs, whether you're investigating a recent incident or analyzing long-term trends.
By clicking on the calendar icon at the top right of the page, you can either choose a default timeframe, such as “last 7,” “last 14,” “last 90” days or set a custom range.