The Windows group change activity page covers the actions performed on the windows groups. Users added and removed to groups will have their permissions increased or removed. Some activity maybe part of normal business as usual activity however users that are added to privileged groups should have approval processes followed. By tracking unusual patterns of activity on systems either local groups or domain based groups can be monitored for each system along with the specific privileged groups. Some parts of the dashboard only show data for the last 4 hours as some Windows systems can generate massive events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.
Some key aspects of the changes are:
...