Windows Registry Activity

The Windows Registry Activity logs are recorded in either local system time or UTC, if UTC was selected in the agent, so when reviewing any activity you need to factor in the time difference for your timezone. Some parts of the dashboard show data only for the last 4 hours, as cloud logs can generate a massive volume of events. If a longer search window is desired, it's best to use the event search feature to search logs over a longer time period.

Selecting a chart component, such as a pie segment or graph item, links through to the Text Details tabular output, where you can search and apply additional filtering to the selected data and time period.

The dashboard contains the following widgets.

  • Registry Activity - This shows the file activity for today.

  • Registry Activity by System - This shows the number of registry changes for each system relative to the other systems.

  • Registry Activity by User - This shows the number of registry changes made by specific users.

  • Text Details - The drill-through of the selected items in the widgets.

 
