This article provides guide on how the archive search auditing and alerting feature works.
The feature provides additional security and auditing options for administrative archive searches, by enforcing a search reason for each search. When enabled, any administrator attempting to run an archive search is required to enter a search reason before the search is executed.
Search reasons are logged in the Search Logs, to allow you to audit administrative searches. This ensures they are being carried out in accordance with any company or regulatory policies in your organization.
See the Search Logs section of Archive Logs, for further details.
Where are Search Reasons Enforced?
An administrator attempting to run a search or view search results from the following areas is required to provide a search reason:
- Archive Search.
- Saved Search.
- Smart Tags.
- File Archive tags.
- Lync IM tags.
- Exports of Saved Searches.
- Exports of eDiscovery cases.
- Viewing results of searches within eDiscovery cases.
Enabling Search Auditing
This feature is enabled using the Enforce Archive Search Reason setting in the Mimecast Administration Console, by navigating to Account | Account Settings, then selecting System Notification Options. This setting is only available to administrators assigned to the Super Administrator role.
If Privileged Access Notifications are enabled, the search reason will also be included in these notifications.
Comments
Please sign in to leave a comment.