SharePoint Auditing with ARKSP 2010

Information Technology Audits have been made mandatory as it is now requisite for many organizations to keep track of users’ access to critical information assets. IT audit systems and procedures must broadly address the following requirements or objectives:

  • maintain data integrity
  • safeguard information assets
  • allow organizational goals or objectives to be achieved effectively
  • use resources efficiently

Audit logs detailing events and changes to information have to be maintained as a part of organizations’ compliance needs. Increased vulnerability to security threats has also made companies to record events and manipulations to information assets to maintain data integrity and also withstand external threats.

Imagine auditing a SharePoint environment which hosts huge voluminous business critical information in SharePoint sites and lists with numerous users making changes to them constantly. Keeping track of this information trail is an uphill task and following are some of the challenges a SharePoint administrator would confront in auditing a SharePoint infrastructure:

Admin Report Kit for SharePoint (ARKSP) through its in-depth audit reports makes it easy
for
administrators
to audit their SharePoint infrastructure. The following are some of the Built-in reports that provide critical audit information addressing the above challenges:

  1. Web-Application Page Visits: Page Visits reports pages visited by users corresponding to a specific site within a web application.Fields reported: Front End Web Server, User, Web Application, Site URL, Page URL, Client IP Address and Visited Date.

    The report can also be ‘Grouped By’ to report information corresponding to the users and would give better insights on ‘who accessed what’.

  2. Audit-Deleted List/Site: Audit-Deleted List/Site reports give information about deleted lists and sites within a site collection corresponding to a given date range or for the given number of days. You can group this information to view details such as the date of deletion and the user who deleted the lists/sites.
    Reported Fields are: Web URL, Web Title, List URL, Occurred and Performed By.

    Grouping the above report by ‘Performed By’ field would give the user a better perspective of the List and Sites deleted by a user over a period of time.

  3. Audit-Group created/deleted: Audit-Group created/deleted reports give information about groups that are created or deleted at a site level in the last ‘N’ days. The report can also be generated for a specific date range. Details such as the user who created or deleted the groups are also reported.
    Reported Fields are: Web URL, Web Title, Group Name, Occurred and Performed By.

    The above report when grouped by ‘Performed By’ field reports the above information from a user perspective and would retrieve details of groups added or deleted by a corresponding user.

  4. Audit-Group member added/deleted: Audit-Group member added/deleted reports retrieve information about the members added/ deleted within a group in the last ‘N’ days.
    Reported Fields are: Web URL, Web Title, User Name, Group Name, Occurred and Performed By.

    Grouping the report by ‘Performed By’ field values reports group members added or deleted by the corresponding user.

  5. Audit-Permission Inheritance Changed: Audit-Permission Inheritance Changed report displays changes made in permissions inheritance corresponding to items, folders, lists and sites within a site collection. The scope of the report can be confined to specific date range or can include changes in the last ‘N’ days.
    Reported Fields are: Web URL, Web Title, Event Name, URL, Occurred and Performed By.

    Grouping the above report by ‘Occurred’ field values reports the above information from a date perspective and the user can view the changes made in permission level date-wise.

  6. Audit-Permission Level Added/Deleted/Modified: Audit- Permission Level Added/Deleted/Modified reports display any changes made in permission levels corresponding to a site. Permission Level newly created, modified or deleted is reported at a site level.
    Reported Fields are: Web URL, Web Title, URL, Permission Level, Occurred and Performed By.

    The above report when grouped by the ‘Performed By’ field values displays information about who modified what corresponding to the permission levels.

  7. Audit-Permissions Changed: Audit-Permissions Changed report displays information about changes in permissions settings of individual users and groups corresponding to a particular site. The date and time of occurrence and the modifier are also reported here.
    Reported Fields are: Web URL, Web Title, URL, Groups/Users, Occurred and Performed By.

    By grouping this report using ‘Performed By’ field, you can answer a very fundamental question: who changed what?

  8. Audit-Search: Audit-Search report provides information on the searches made by users across the site. The scope of the search i.e.at a site level or at a site collection level is also reported. The keywords used in basic search or the conditions imposed during Advanced Search options are also reported.
    Reported Fields are: Web URL, Web Title, Query, Search Scope, Occurred and Performed By.

    The above report when grouped by ‘Occurred’ field values displays the details of searches made within a date range.

  9. Site Permissions: Site Permissions report displays information about permissions defined across individual Users and Groups corresponding to each site.
    Reported Fields are: Web URL, Web Title, Groups/Users, Account Type, Description, Group Owners, Permission Levels and Members.

    The report can also be ‘Grouped By’ Users and Groups to know which individual users and groups have what permission levels corresponding to the site.

  10. Site Security: Site Security report gives information about various security settings defined at a site level.Reported fields: Web URL, Web Title, Allows Anonymous Access, Anonymous state, Allow unsafe updates, Authentication Mode, Has External Security Provider, Inherits Role Assignments, Inherits Role Definitions, Request Access Enabled and Request Access E-mail.

    Grouping By authentication mode retrieves the security settings defined in accordance to specific authentication mode.

  11. Site Visitors: Site Visitors report displays information about visits made by users corresponding to a site.
    Reported Fields are: Web URL, Web Title, User, Total Hits, Recent Month Hits, Recent Day and Recent Day Hits.

    Grouping this report by User reports the total number of visits including the users’ recent visit to the corresponding site.

  12. Audit-Checked In/Checked out Items reports: Audit-Checked In/Checked out Items reports provide information about individual list items that are Checked In and Checked Out pertaining to a specific list in a site.
    Reported Fields are: Web URL, Web Title, List Name, Item URL, Occurred and Performed By.

    The above report when grouped by ‘Performed By’ fields displays the items Checked In and Checked Out corresponding to a user. The same when grouped by ‘Occurred’ field values would display the items Checked In and Checked Out corresponding to the specific date.

  13. Audit-Copied Items: Audit-Copied Items report retrieves information about individual List items that are copied from a source list location to a destination list location. The Source URL and the Destination URL of the copied List items are also displayed.
    Reported Fields are: Web URL, Web Title, List Name, Source URL, Destination URL, Occurred and Performed By.

    Grouping the report by ‘Performed By’ displays the individual list items copied corresponding to a user.

  14. Audit-Visited/Deleted Items: Audit-Visited/Deleted Items reports give information about individual list items corresponding to a list that were visited/deleted.
    Reported Fields are: Web URL, Web Title, List Name, Item URL, Occurred and Performed By.

    The above report when grouped by ‘Performed By’ field values displays the items visited or deleted corresponding to specific users.

  15. Last Deleted items/Modified items: Last Deleted Items and Last Modified Items reports display information about individual list items that were deleted and modified for the last ‘N’ days.Reported Fields are: Web URL, Web Title, Item URL, Item Name, Deleted By/Modified By User name, Deleted/Modified by Display Name, Modified/Deleted Date, Created By-User Name, Created Date, Last Modified By-User Name, Last Modified Date and Size (in MB).

    Grouping the reports by User name reports list items modified or deleted by the corresponding user for a corresponding date range.

  16. List Activity: List Activity report displays the First and the last activities with related users’ names corresponding to the List.Reported Fields are: Web URL, Web Title, List URL, List Name, First Activity Item Name, First Activity Item URL, First Activity Date, First Activity-User Name, First Activity-Transaction, Last Activity Item URL, Last Activity-Item Name, Last activity Date, Last Activity-User name and last Activity-Transaction.
  17. List Folders Security: List Folder Security report generates information about the Groups/Users and their permissions assigned to each folder and its sub folders corresponding to the list.Reported Fields are: Web URL, Web Title, Base Template, List Name, Folder Name, Folder URL, Groups/Users and Permission Levels.

    Grouping the above report by Users and Groups gives a meaningful perspective to the permission levels granted for Users and Groups corresponding to the Folders and sub-folders.

  18. List Hits: List Hits report retrieves information about the number of visits made in the last ‘N’ days along with the most recent visit information corresponding to the list.Reported fields are: Web URL, Web Title, List name, Total Hits, Recent Month Hits, Last Accessed Day and Last Accessed Day Hits.
  19. List Item Security: List Item security displays information about individual users and groups and their permission levels assigned against individual list items.Reported Fields are: Web URL, Web Title, Base Template, List Name, Item URL, Item Name, Users/Groups and Permission Levels.

    Grouping the above report by Users/Groups reports permission levels associated with Users and groups corresponding to a list item. Grouping the report by permission levels would gives the users an indication about who has the most privileges granted against specific list item.

  20. List Visits: List Visits reports total visits corresponding to individual list items over the last ‘N’ days.Reported Fields are: Front-end Web Server, Item URL, Item ID, Total Visit Count, Item Name, Item Visit URL, Visit Count, Action, Visited By, Visited Date and Visited Time.

    Grouping the report by ‘Visited By’ reports the visits made by the corresponding user over the specific date range.

  21. Newly Added Items: Newly Added Items report displays the individual list items that were created over the last ‘N’ days.Reported Fields are: Web URL, Web Title, item URL, Item Name, Created By-User name, Created By-Display name, Created Date and Size (in MB).

    The above report when grouped by ‘Created By-User name’ displays the list items newly created by the user. Grouping the same in order of their ‘Created Date’ would display list items that were added corresponding to the specific dates.

Page Visits Report – An Example

Let us take an example where the SharePoint administrator intends to generate a report on visits made corresponding to a page within a site and individual list items within a list. Let’s see how ARKSP makes it easy for the administrators.

Screenshot of Audit-Page Visits report:

The above screenshot shows the Audit-Page Visits report (Quick Reports à Site à Audit-Page Visits) corresponding to the specified site. The report displays information about the Pages visited by the specified users in the last 30 days.

The same report to show information from an users’ perspective i.e., who has accessed what over the last 30 days by grouping this data using the ‘Performed By’ field.

Screenshot of Audit-Page Visits-Grouped By-‘Performed By’:

The above screenshot shows the Page Visits made by the user “SHAREPOINTsystem”. The page visits information is reported from a users’ perspective.

Let’s see how ARKSP enumerates the individual list items visited by users in the last 7 days.

Screenshot of Audit-Visited Items report:

The above screenshot shows the Audit-Visited Items report (Quick Reports à List à Audit-Visited Items) corresponding to the List. The report enumerates the users who visited the List items in the last 7 days.

The same report can be customized to display the above information according to date, meaning the visits can be reported date-wise based on the time stamp of the visit.

Screenshot Of Audit-Visited Items-Group By-Occurred:

The above report displays the Visited Items and their corresponding information based on the occurrence i.e., date and time of the visit. ARKSP with its multi-dimensional reporting allows users to generate meaningful reports across various perspectives and provides valuable insights to administrative users.

ARKSP with its insightful and customizable reports reduces the SharePoint administrators’ overhead in auditing the SharePoint infrastructure.

For more information about ARK for SharePoint 2010 visit our product homepage at:

http://www.vyapin.com/products/sharepoint-reporting/sharepoint-farm-reporter