Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Change Auditor 7.3 - Whats New

Table of Contents

What's New in Change Auditor 7.3

SQL Extended Events auditing (Preview) Active Directory Database auditing enhancements Active Directory Database protection enhancements Event forwarding to Microsoft Sentinel Security improvements Logon Activity auditing enhancements PowerShell improvements Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.2

Cyber security enhancements Certificate authentication for Office 365 Active Directory Federation Services auditing enhancements Foreign forest support Additional events Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.1.1

Additional Office 365 Exchange Online mailbox events Enhanced security auditing Search enhancements SIEM tool integration improvements Ability to audit and protect the Active Directory Database Ability to audit Active Directory Federation Services Foreign forest support Authentication enhancements Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.1

Azure Active Directory and Office 365 updates Active Directory updates Foreign forest support On Demand Audit integration updates Authentication and Logon activity updates Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.0.4

Foreign forest support Additional internal events Azure Active Directory and Office 365 updates Threat Detection enhancements SIEM subscription updates and enhancements Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.0.3

Change Auditor and On Demand Audit integration Azure Active Directory and Office 365 enhancements Threat Detection enhancements Additional internal events Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.0.2

Threat Detection updates and enhancements SIEM subscription updates and enhancements Additional PowerShell commands Ability to search based on authentication type and port Enhanced security between Change Auditor components (FIPS compliance) Azure Active Directory and Office 365 enhancements Additional platform support Miscellaneous features and enhancements

What's New in Change Auditor 7.0.1

GDPR built-in reports SIEM tool integration improvements Azure Active Directory auditing improvements Active Directory auditing improvements Improved tracking of changes to searches Additional platform support Email alert improvements Office 365 Exchange Online search improvements Miscellaneous enhancements and updates

What's New in Change Auditor 7.0

Updated license format Ability to forward event to third party tools Enhanced data security between the SQL Server and the coordinator Ability to manage Active Directory protection with PowerShell commands Ability to identify Read-Only Domain Controllers Search enhancements New built-in searches Additional platform support Miscellaneous enhancements and updates

Enhanced security auditing

•

Event generated when an agent's configuration for Kerberos ticket lifetime is changed:

•

Agent configuration Kerberos Ticket Lifetime changed

•

Event generated when Kerberos auditing components are not on the domain controller resulting in Kerberos authentication events not being captured:

•

Kerberos auditing components failed to load

•

Ability to detect when an irregular domain replication request is performed which could indicate a potential threat:

•

Irregular domain replication activity detected

•

Additional built-in searches:

•

All Irregular Domain Replication Activity Events under Shared | Built-in | All Events

•

All Kerberos user ticket events that exceed the maximum ticket lifetime in the past 30 days under Shared | Built-in | Logon Activity

Search enhancements

•

Ability to search and filter events based on the coordinator that processed them.

•

Updated Coordinator Statistics page:

•

Coordinator ID column to identify the coordinator that processes the events.

•

Hyperlinked columns to run a quick search for associated events for each coordinator.

•

Search results include the Coordinator ID to identify the coordinator that processed the event.

•

Layout tab includes a Coordinator ID column to sort and order results by coordinator.

•

Ability to see failure reason and status code in Active Directory failed search results.

•

Ability to see the full search folder path to identify the location for all search folder changes.

•

Updated default columns for the "All Failed Logons in the last 7 days” report.

•

Updated operators access when using the search commands:

Full access when using the following commands:

•

Invoke-CASearch

•

•

Get-CASearchDefinition

Restricted access to private searches and folders when using the following commands:

•

Set-CASearchProperties

•

•

•

•

Remove-CASearch

•

Add-CASearchFolder

•

Remove-CASearchFolder

SIEM tool integration improvements

•

Ability to send the rich events gathered by Change Auditor to a Syslog server.

•

Events to monitor changes to syslog subscriptions have been added:

•

Syslog subscription added

•

Syslog subscription modified

•

Syslog subscription removed

Ability to audit and protect the Active Directory Database

Ability to audit and protect the Active Directory Database

Change Auditor allows you to monitor the Active Directory database (NTDS.dit) file for possible unauthorized access attempts. When configured, Change Auditor can also prevent copying and other tampering attempts on the Active Directory database (NTDS.dit) file.

Extraction of this file could lead to parsing of usernames and passwords resulting in a security breach. The ability to audit changes to this file reduces the risk of the user account information from being accessed and tampered with by unwanted processes or users.

The following events have been added:

•

Active Directory database file access rights changed

•

Active Directory database file accessed

•

Active Directory database file attribute changed

•

Active Directory database file auditing changed

•

Active Directory database file central access policy changed

•

Active Directory database file classification changed

•

Active Directory database file created

•

Active Directory database file deleted

•

Active Directory database file last write changed

•

Active Directory database file moved

•

Active Directory database file ownership changed

•

Active Directory database file renamed

•

Failed Active Directory database access (Sharing violation)

•

Failed Active Directory database access (Change Auditor Protection)

•

Failed Active Directory database access (NTFS permissions)

The following built-in searches have been added:

•

All Active Directory Database Events under Shared | Built-in | All Events

•

Active Directory Database Events in last 30 days under Shared | Built-in | Security | Domain Controller Security

•

GDPR - Active Directory Database Events in last 30 days under Shared | Built-in | Regulatory Compliance |GDPR |Audit and Accountability | Active Directory

•

GDPR 32 - Active Directory Database Events in last 30 days under Shared | Built-in | Regulatory Compliance |GDPR |Security of Processing (32) | Active Directory

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center