How does the agent get the audited events.
Change Auditor attaches its modules onto system processes (e.g. LSASS.EXE) and captures changes performed by users. Change Auditor also monitors these changes to see if an object is under Change Auditor’s protection scheme. Protected operations are then blocked from being committed and an error is returned to the system.
For Exchange Change Auditor attaches its module into the Exchange RPC client access process and captures mailbox requests from users which are then audited in the Change Auditor database. Similarly OWA, EWS and ActiveSync requests are captured with IIS extensions, performing essentially the same functions.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center