STEALTHbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

STEALTHbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

Utilizing StealthAUDIT Reporting

This month I’d like to touch on a fairly unknown usability feature within StealthAUDIT. The Reports Only mode allows the console to be run without risk of triggering any collections or affecting any already existing data sets.

There is an underused (but very useful) command line switch that allows you to run StealthAUDIT so that it can only generate reports. When run in Reports Only mode the Query, Analysis, and Action functions will be disabled.

From the command line, first we need to change the working directory, targeting the StealthAUDIT install directory as represented by an Environmental Variable (i.e., %sainstalldir%) configured during installation. Enter “cd %sainstalldir%” into a command window like so:

StealthAUDIT Reporting


Once working within the proper directory, StealthAUDIT.EXE should be run with the “/reportsonly” switch:


If done properly the console will open and the Title Bar will now show (/ReportsOnly) as seen here:


Now you can safely run reports without in any way impacting your existing data. I use this frequently to rebuild my Report Index or work on reporting for specific projects.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free Stealthbits Trial!

No risk. No obligation.