View audit: overview

  • Last update on September 6th, 2023

CoreView provides you with functionalities to visualize Audit reports, allowing you to gain insights, identify patterns, and make data-driven decisions. When visualizing an Audit report, you have access to several functionalities that enhance the process:

  • Reports filtering: this feature enables you to refine the data in the report based on specific criteria, making it easier to concentrate on particular data subsets and discover pertinent insights. This is available for all Audit reports, except the CoreView Audit log.
  • Organizing columns: this functionality allows you to sort and filter specific columns, and decide which columns to display, enabling you to tailor the report view to better meet your analytical needs.
  • Set timeframe: this feature allows you to specify the time period for the report. By focusing on data from a particular period, you can hone in on the most relevant information. Some reports default to a 7-day period, others to a 180-day period, depending on the volume of logs typically registered. You can customize the time period by clicking on the calendar icon at the top right of the page. This feature is available for all Audit reports, except the CoreView Audit log.
  • Pivot: Audit reports enable the use of pivot tables to summarize and enhance data analysis. In Pivot mode, you can export data containing only the attributes you selected to create your Pivot table within the application, or save the Pivoted report as a custom report. More details are available in the related section. This feature is available for all Audit reports, except the CoreView Audit log.
  • Add to favorites by clicking on the star icon above the reports, you can add a report to your favorites. The report will then appear in your favorite reports, which can be accessed from the sidebar.

Other visualization features are only present in some Azure AD audit reports:

  • The “Show map” feature, which enables you to visualize the geographical locations of users at the time of their logins, and subsequently refine your data based on this information. This feature is exclusively accessible for the following Azure AD audit reports:
    • Sign-in events
    • Sign-ins with admin roles
    • Sign-ins external
    • Sign-ins failed
  • Enabling “Anonymous data” toggle: depending on your data visualization needs, you might choose to turn the anonymous data toggle on or off. This feature is exclusively accessible for the following Azure AD audit reports:
    • Sign-in events
    • Sign-ins with admin roles
    • Sign-ins external
    • Sign-ins failed
    • Risk detections
    • Sign-ins from anonymous IP addresses
    • Sign-ins from infected devices
    • Sign-ins from unfamiliar locations
    • Impossible travel to atypical locations
    • Sign-ins legacy protocols usage