Change Auditor provides total auditing and security coverage for your enterprise network.
Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made the change including the IP address of the originating workstation, where and when it occurred along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day modifications.
What’s new in this version
• Change Auditor and On Demand Audit integration
Quest On Demand Audit is a Software as a Service (SaaS) application, available through quest-ondemand.com that provides extensive, customizable auditing of critical activities and detailed alerts about vital changes taking place in Microsoft Office 365 and Azure Active Directory.
By integrating with Change Auditor and sending Active Directory event data, you can gain visibility to on premises changes (including events gathered up to 30 days prior to installing or upgrading Change Auditor 7.0).
• Azure Active Directory and Office 365 enhancements
▪ Events added that track changes to calendar delegation, group membership in SharePoint Online, folder permissions in online mailboxes, inbox rules for online mailboxes, and file synchronizations between OneDrive for Business and a local OneDrive folder.
▪ Ability to specify the generic events to exclude from auditing based on their operations. (The Office
365 OneDrive for Business event, Office 365 SharePoint Online event, and Office 365 Exchange Online event are generic dynamically constructed events created when associated activity is detected that does not have a corresponding event defined in Change Auditor.)
▪ Ability to search on the group membership changes for SharePoint Online and OneDrive by specifying the group or member as the search criteria.
▪ Ability to search both target and subject (secondary target) display names using additional event columns (Azure - Subject Sync Type, Azure - Subject Display Name, Azure - On-premises Subject, and Subject Name).
▪ Ability to use subject as search criteria in the "Target" field for Azure Active Directory searches.
• Threat Detection enhancements
▪ Ability to upgrade your existing Threat Detection server through PowerShell using the UpdateCAThreatDetectionServer command.
▪ The Threat Detection dashboard displays high risk user details such as their photo, display or logon name, job title, department, and their address. When investigating a user or an alert for a specific user, you will also see details such email and their manager’s email address, department, and office.
▪ Threat Detection dashboard displays local date and time.
• Additional internal events
▪ Events to track changes to Application user interface roles, tasks, and application groups.
▪ Event generated when a purge/archive job fails.
▪ Events to track changes to Splunk, QRadar, ITSS and ArcSight subscriptions.
• Additional platform support:
▪ Windows Server 2019 for web client and Logon Activity auditing
▪ Windows Server 2019 Server Core (Active Directory, File system, Registry, Services, local user and group and Exchange 2019 auditing only)
▪ Microsoft SharePoint Server 2016
▪ Microsoft Exchange Server 2010 RU26 and RU27
▪ Microsoft Exchange Server 2013 CU22 and CU23
▪ Microsoft Exchange Server 2016 CU13
▪ Microsoft Exchange Server 2019 and 2019 CU1
▪ Microsoft SQL Server 2012 SP4 for SQL auditing
▪ Microsoft SQL Server 2014 SP3 for SQL and SQL DLA auditing, and coordinator database
▪ Microsoft SQL Server 2017 for SQL auditing
▪ .NET 4.7.1 Framework for the coordinator
▪ SCOM 2012 and 2016
▪ GPOADmin 5.13.5
▪ Active Roles Server 7.3.2
▪ EMC Unity 4.5.0
▪ NetApp 9.5
▪ One Identity Defender 5.9.3
▪ One Identity Authentication Services 4.2
▪ The following are no longer supported:
Windows 7 for the Change Auditor windows client
Windows Server 2008 R2 for all components except agents
SQL server 2008 an