The Windows Administrative Activity dashboard shows an overview of Windows administrative Activity in the environment. Key actions such as user accounts added and removed, audit logs cleared, Applocker events, Windows Group changes, and system audit policy changes. Many of these functions are part of normal day to day operations but can also be used for malicious activity. Some parts of the dashboard only show data for the last 4 hours as some Windows systems can generate massive events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.
The key dashboard components are:
...