From 47f11b02f3169339208907f6080e1c496e530932 Mon Sep 17 00:00:00 2001 From: pavelshabanov2025 Date: Thu, 19 Feb 2026 19:41:52 +0500 Subject: [PATCH] Remove 'Before' and 'After' filter descriptions --- docs/auditor/10.8/admin/search/filteradvanced.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/docs/auditor/10.8/admin/search/filteradvanced.md b/docs/auditor/10.8/admin/search/filteradvanced.md index 0f8066743e..2bcac467f0 100644 --- a/docs/auditor/10.8/admin/search/filteradvanced.md +++ b/docs/auditor/10.8/admin/search/filteradvanced.md @@ -33,17 +33,8 @@ information: | Working hours | Limits your search results to entries that occurred within the specified hours. You can use this filter together with When if you need, for example, to search for activity in the non-business hours during the last week. | You are investigating an incident and want to know who accessed sensitive data outside business hours. You can set this filter as Not equal to and specify the time interval from 8:00 AM to 6:00 PM. Filtered data will include only operations that occurred outside this interval, that is, during non-business hours. | | Data categories | Limits your search results to entries that contain sensitive data complying with a classification rule. You can use this filter together with Equal to PCIDSS to, for example, search for sensitive files that contain data regulated by the PCIDSS. | You are searching all documents containing cardholder data that can potentially be mapped with the PCIDSS compliance standard. You can set this filter as equal to and specify the value as PCIDSS. Filtered data will contain only files that match this criteria. This filter shows activity records collected from the following data sources: Windows File Servers, SharePoint, SharePoint Online. | | Details | Limits your search results to entries that contain the specified information in the Details column. The Details column normally contains data specific to your target, e.g., assigned permissions, before and after values, start and end dates. This filter can be helpful when you are looking for a unique entry. | You discovered that a registry key was updated to "242464". Now you want to investigate who made the change and what the value was before. You can set the Details filter to 242464 to find this change faster. | -| Before* | Limits your search results to entries that contain the specified before value in the Details column. | You are investigating an incident in which the SAM-account-name attribute was changed for an account in your Active Directory domain. You can set the Before filter to the previous name (e.g., John2000) to find the new name faster. | -| After* | Limits your search results to entries that contain the specified after value in the Details column. | You are investigating a security incident and want to know who enabled a local Administrator account on your Windows Server. You can set the After filter to this account's current state (e.g., Enabled) to find this change faster. | | Everywhere | Limits your search results to entries that contain the specified value in any column. | You are investigating a security incident. You have already identified the intruder (e.g., BadActor) and now you want to see all actions made by the intruder's account or with it. Since the intruder can be the actor (Who), the object (What), or can even show up in details, set the Everywhere filter to the intruder's name. | -\* If you plan to audit an SQL Server for data changes and browse the results using 'Before' and -'After' filter values, make sure that the audited SQL database tables have a primary key (or a -unique column). Otherwise, 'Before' and 'After' values will not be reported. - -\* – If you plan to audit an SQL Server for data changes and browse the results using 'Before' and -'After' filter values, make sure that the audited SQL database tables have a primary key (or a -unique column). Otherwise, 'Before' and 'After' values will not be reported. ## Search Conditions