There is no such company where the question "Give me information on all the actions with this document ASAP" doesn’t rise from time to time. It’s worse, when this question is asked on the list items which have been already deleted. It's not so fun to look for it in the recycle bin, pull GUID out of it and then search this GUID in the audit logs.
HarePoint Analytics allows you to receive this data literally in a couple of clicks, even on servers where audit logs are switched off or cut, because the product does not collect data at the level of log files, but at the level of addressing to the server.
Audit of documents
To see all the actions from the document, you can use report "Document usage". After its creation, you can apply a filter by name, mask, or the document location. Or, to put a filter on the user name to see all of his actions with the documents on the site.
Thus, this report is suitable to investigate both user activity on the site and user interaction with the document. The product contains 15 reports on the documents and allows you to get answers to any questions. For example, how many and what kind of documents, and from what libraries have been deleted in the past week? Report "Document libraries usage" provides detailed statistics:
Clicking on any digit in the report opens a detailed report showing exactly what documents were operated with, by who and when. Also reports on visits of the site can show you from which computer in the company the site was visited.
Lists and list items usage
A similar set of reports is for lists, and for list items. Thus, report "List items usage" allows you to obtain the list of all actions with list items for a particular user, or, depending on the filters used to obtain the actions, of all users with a specific element. Thus, in contrast to the audit logs, list items can be seen by the title (if it is available for this list):
Conclusions
HarePoint Analytics reports save considerable time for investigating the incidents. And can, in contrast to the audit logs, immediately give a generalized statistics in tabular and graphical form. This allows you to identify suspicious activity of users without additional data processing. Together with the data on site visits, reports also allow you to investigate the misuse of accounts of other people and to identify the computers from which the addressing was made.