Change Auditor provides total auditing and security coverage for your enterprise network.
Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made the change, including the IP address of the originating workstation, and where and when it occurred, along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day modifications.
What’s new in this version
Threat Detection updates and enhancements:
• Access to an update script and configuration commands to easily upgrade the Threat Detection server.
• Support for deploying the Threat Detection server on Hyper-V.
• Ability to enable single sign-on access for the Threat Detection dashboard.
• Ability to specify a root password during the Threat Detection server deployment.
• Ability to review the Threat Detection configuration status in the Change Auditor client (configuration page).
• New events listed under the "Threat Detection - Risky User" and "Threat Detection - Alert" facilities.
• Additional event details such as alert name, score, severity, and the number of alerts; when the Threat Detection server started processing the alert; name of indicators associated with the alert; user risk score and severity; number of points the alert adds to the user risk score (contribution to user score); old and new severity values; tags that identify whether the user is an administrator or a watched user; and comments that identify when an alert is set to 'not a risk' or 'actual risk'.
• A link to the Threat Detection dashboard from the event details pane to quickly gain more information on the potential threat.
• Additional built-in searches for all Threat Detection events, risky user events, and alert events in the last 7 days and all Threat Detection risky user and alert events in the last 24 hours.
SIEM subscription updates and enhancements:
• Ability to modify the subsystems included in a SIEM subscription.
• Ability to encrypt QRadar subscriptions with TLS/SSL.
• Ability to include and display the raw JSON event details provided by Microsoft for Office 365 and Azure Active Directory events.
• Ability to forward events to Quest IT Security Search (Preview mode).
Additional PowerShell commands to help you manage your Change Auditor deployment:
• Assign, remove, and get an auditing template for a Change Auditor configuration.
• Assign an auditing configuration to a Change Auditor agent.
• Run a search.
• Manage Windows file system auditing.
• Create and manage a Quest IT Security Search event subscription. These commands are in preview mode for this release.
Ability to search based on additional authentication types and port. For Active Directory, AD Query, and Exchange events, you can search events based on the port and the authentication type (SSL/TLS, Kerberos, or Simple Bind).
Enhanced security between Change Auditor components (FIPS compliance). FIPS compliant practices are implemented in Change Auditor wherever possible. The following subsystems guarantee FIPS compliant communications:
• Active Directory
• AD Queries
• AD LDS
• Windows File Server
• Logon Activity
All other subsystems are not considered completely FIPS compliant due to limitations related to handling and passing of data through communications with external products.
Azure Active Directory and Office 365 enhancements:
• Ability to enable Windows event logging for Azure Active Directory auditing.
• Ability to use an existing Azure web application when creating an Azure Active Directory or Office 365 auditing template.
• Additional Azure Active Directory details available for email alerts (%OWNER% (user) and %MANAGER%).