Most reports in Windows Server State-in-Time set enable you to specify baselines. A baseline defines a certain safe level or state. If a server parameter falls below it, it is a considered a threat or at least merits your special attention. With baselines specified right in report filters, you can easily identify aberrant servers, i.e. those that are different from your corporate policies or best practices. Risks are marked with red color and are easy to spot in the report.
You can specify baseline values specific to your organization in one of the following ways:
As a baseline filter value in the report filters. Baselines in the field should be separated by commas.
While inputting text inline is easy, your baseline values will not be preserved for the next report generation. You will have to input them every time you generate a report. This method is recommended you plan to subscribe to this report.
In a special file stored on the computer where your Audit Database resides.
To secure your baseline values for the next report runs, create a text file with baselines; baselines in this file should on a separate line. In the report, provide a link to this file inside the baseline filter. You should create a separate file for each baseline. In this case, the baselines will be reused every time you run the report.
NOTE: Make sure the account running your SQL Server instance service with Audit Database has permissions to access the baseline file. Otherwise, Netwrix Auditor will not be able to process them.
To learn more about state-in-time reports, refer to State–in–Time Reports.