Host Security Profile Change Tracking

This report helps you monitor changes that were made to the security settings of your vSphere hosts. The report analyzes host security profile changes (for example, changes to firewall or services), provides detailed information on changes (including drill-down showing the user who made the changes) and helps track the most frequently changed properties.

Example Output

In this example, the report allows you to track host security profile changes applied to a specific vSphere host during the previous week.

To run this report:

  1. From the From list, select Previous week > Monday. From the To list, select Previous week > Friday.
  2. In the Scope section, select VMware Security Profile Group and click Remove. Then include the necessary host in the report.
  3. In the Properties field, select all properties.
  4. From the Group changes by list, select Property.
  5. From the Group objects by list, select Name.
  6. Click Run to view the report.

Host Security Profile Change Tracking Report Settings

In the Summary section, the report will display the Top 5 most changing properties chart with 5 most frequently changed properties.

The details section will provide the following information: name of the changed property, last specified property value and number of times the property was changed:

Host Security Profile Change Tracking Report Output

It can be seen from the report output that the most frequently changed property was the SecurityRule vSphere HA Agent property, it has been changed 4 times during the previous week.

For each registered property change, the report will also provide the date of change, old and new property values.

Host Security Profile Change Tracking Report Output Details

You can click the Total number of changes link or the date of the change to drill down to the Microsoft Custom Event report:

  • If you click the Total number of changes link, the Custom Event report will display all events for the object for the selected time interval.
  • If you click the date of change, the Custom Event report will display events for the day previous to the time stamp.

The Custom Event report will provide information on the date and time of the change and the user who changed configuration. If you want to include more parameters in the report, click the Show or Hide Parameter Area button to open the report parameters and include more options in the Report Fields.

Custom Event Report