For better reporting within your enterprise, you can edit the activity signatures. This is similar to applying a filter: you can specify the Username, User Domain, Computer, and other relevant information that you want to detect.
In the CyberSafe Log Analyst scope pane, right-click the CyberSafe Log Analyst node and choose Signature Editor from the shortcut menu.
In the Signature Fields dialog box, click the arrow to select the signature you want to edit. A brief description of the activity signature appears in the field below the name.
Under the Field Name column, select the field you want to edit and click Edit Filter. The Edit Filter dialog box appears.
In the Edit Filter dialog box, check the box to Apply a Filter to this Field.
In the Value field, enter the filter value(s). Separate multiple values with a comma. You can enter up to 1,024 characters in each field. Each field is case-sensitive. For example, if you use all lower-case letters in your domain names, enter all lower-case letters.
If available, select the button to indicate you want to report events that contain All, Partial, or None of the value(s) you entered in the previous step.
Click OK to exit the Edit Filter dialog box.
In the Signature Fields dialog box, do one of the following:
To edit another signature, click the arrow to display the list of activity signatures.
To exit the Signature Fields dialog box (and save all of your edits), click OK.