State-in-Time Reports

The state-in-time reports functionality allows you to generate reports on the system's state at a specific moment in time, in addition to change and activity reports. State-in-time reports are based on daily configuration snapshots, and each reflects a particular aspect of the audited environment.

Looking for real-life use cases and walk-through examples? Check out Netwrix training materials. Go to the Using State-in-Time Reports page on the Netwrix website.

This functionality is currently available for the following data sources:

  • Active Directory
  • File Servers
  • Exchange Online
  • Windows Server
  • SharePoint
  • SharePoint Online
  • Group Policy
  • SQL Server
  • Office 365
  • VMware

IMPORTANT! To provide data for state-in-time reports, remember to select the Collect data for state-in-time reports option when you configure a monitoring plan for the selected data source. See Settings for Data Collection for more information.

The state-in-time reports are available under the Reports node. Depending on the data source, navigate to the corresponding subfolder, for example, Predefined → Active Directory → Active Directory State-in-Time.

| Data source | Report location |
| --- | --- |
| Active Directory | Predefined → Active Directory → Active Directory State-in-Time |
| Group Policy | Predefined → Active Directory → Group Policy—State-in-Time |
| Exchange Online | Predefined → Exchange Online → Exchange Online—State-in-Time |
| File Servers | Predefined → File Servers → File Servers—State-in-Time |
| SharePoint | Predefined → SharePoint → SharePoint—State-in-Time. NOTE: The Account Permissions in SharePoint and SharePoint Object Permissions state-in-time reports list detailed permissions and permission levels by user account. See Means Granted for more information. |
| SharePoint Online | Predefined → SharePoint Online → SharePoint Online—State-in-Time |
| SQL Server | Predefined → SQL Server → SQL Server—State-in-Time |
| Windows Server | Predefined → Windows Server → Windows Server—State-in-Time. Most reports in this set provide baselining capabilities. See Baseline Reports for more information. |
| VMware | Predefined → VMware → VMware—State-in-Time |

NOTE: In the report filters, select a monitoring plan you want to generate a report for. To review data sources and items included in each plan, navigate to the Monitoring Plans section.

NOTE: Each report has a set of filters which help organize audit data in the most convenient way. See Using Report Filters for more information. You can also create a subscription to any report you want to receive on a regular basis. See Subscriptions for more information.

By default, state-in-time reports reflect the current state of the data source. If you want to generate a report to assess your system at a particular moment in the past, you can select the corresponding snapshot from the Snapshot Date filter.

NOTE: To be able to generate reports based on different snapshots, ask your Netwrix Auditor Global administrator to import historical snapshots to the Audit Database. Otherwise, only the Current Session option is available in the drop-down list.

When auditing file servers, changes to both access and audit permissions are tracked. To exclude information on access permissions, contact your Netwrix Auditor Global administrator or Configurator of this plan.