Chatee ahora con Soporte
Chat con el soporte

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Customer data storage

You can integrate one or more on premises installations of Change Auditor into an On Demand organization. An organization must be selected for each connected Change Auditor installation. The selected organization determines the storage location of all customer data, and the Azure region to which Change Auditor will transmit on premises Change Auditor event data. In the same manner as other data is handled, On Demand ensures that on premises data remains within the same Azure data center regions outlined above.

Customers must select an organization in the correct region for their data residency requirements depending on their individual requirements and configuration for each installation of Change Auditor. All on premises data from Change Auditor is transmitted and retained in the selected On Demand organization and region. Depending on the configuration and global deployment of Change Auditor, customers can configure On Demand so that the organization will store data from multiple on premises global locations in a single On Demand organization region. In a similar manner, the customer could configure On Demand to transmit data from on premises Change installations across a regional geographic boundary.

Registering a Change Auditor Installation

Change Auditor installations are configured through the Change Auditor client. Once an installation is registered, Change Auditor will begin sending event data.

NOTE: Once a configuration is in place, all coordinators which belong to the Change Auditor Installation will be registered with On Demand.

NOTE: To create the configuration, you must use the account that created the On Demand subscription or an account that has been delegated the appropriate permissions from your On Demand administrator.

  • If you do not own the On Demand subscription, you need to contact your On Demand administrator for access.
  • If you are the On Demand administrator, you can delegate the required permissions by adding the required accounts to the Auditing Administrator role through the On Demand Access page. See Adding a user to an organization for details.

NOTE: Required URL access

 

To create a configuration with On Demand in US region, Change Auditor clients and coordinators must be able to access:

To create a configuration with On Demand in Europe region, Change Auditor clients and coordinators must be able to access:

To create a configuration with On Demand in the Canada region, Change Auditor clients and coordinators must be able to access:

To create a configuration with On Demand in the UK region, Change Auditor clients and coordinators must be able to access:

To create a configuration with On Demand in the Australia region, Change Auditor clients and coordinators must be able to access:

To send events to On Demand in US region, Change Auditor coordinators must be able to access:

To send events to On Demand in Europe region, Change Auditor coordinators must be able to access:

To send events to On Demand in the Canada region, Change Auditor coordinators must be able to access

To send events to On Demand in the UK region, Change Auditor coordinators must be able to access

To send events to On Demand in the Australia region, Change Auditor coordinators must be able to access

To create a configuration

  1. From the Change Auditor client, select View | Administration.
  2. Select Configuration | On Demand Audit.
  3. Select Sign in and Configure to create the connection.
  4. Enter your Quest account credentials to sign in to On Demand.
  5. Choose the required organization if prompted and click Select Organization.
  6. By default, the current installation name is used for the configuration name. If required, you can enter a different name for the configuration. This is the configuration name used in On Demand; it does not change the Change Auditor installation name.
  7. By default, historical events from the past year will be forwarded. To set an alternative start date for historical events to be sent from Change Auditor, select the calendar icon and specify the required date.
  8. Click Finish.

Pausing Change Auditor event forwarding

To pause the sending of Change Auditor events

  1. Navigate to the Auditing module.
  2. From the Configuration tab, select the ellipsis (...) on the Change Auditor tile and choose Pause.
  3. Click OK to confirm.

Resuming Change Auditor event forwarding

To begin sending Change Auditor events for a paused installation

  1. Navigate to the Auditing module.
  2. From the Configuration tab, select the ellipsis (...) on the Change Auditor tile and choose Resume Sending Events.
  3. Click OK to confirm.
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación