With v2.2, Q-Audit introduced Systems that allow admins to restrict the data visible to users through the use of Splunk roles. Beginning in v3.0, System managers can define system-specific Baseline and Watchlist applications and system-specific Privileged users. Consequently, the Admin Access and Escalation, User/Host Investigation, Real Time Monitoring, and Risk Summary dashboards now support System-specific Privileged users.
Furthermore, the Applications, User/Host Investigation, Real Time Monitoring, and Risk Summary dashboards now support System-specific Baseline and Watchlist applications. A new Attributable Events Alerts dashboard provides additional insight into fired alerts.