• Diventare un professionista del portale
• Scaricare
• Stampa
• I miei download ()

• Supporto
• Documentazione tecnica
• Change Auditor 7.1.1
• Change Auditor 7.1.1 - Built-in Reports Reference Guide

Change Auditor 7.1.1 - Built-in Reports Reference Guide

Table of Contents  

Introduction Built-in reports

Active Directory Federation Services AD Query All Events Authentication Services Azure Active Directory Defender Office 365

Exchange Online OneDrive for Business SharePoint Online

Logon Activity Skype for Business Recommended Best Practices

Auditing Service Administrator Activity

Domain Wide Configuration Activity | Domain Admins Forest Changes by Activity Forest Wide Configuration Activity | Enterprise Admins Forest Wide Configuration Activity | Schema Admins Service Admins Group Membership

Domain Controller Changes Domain-Level Changes Exchange Forest-Level Changes Severity Based Changes SQL

Regulatory Compliance

FISMA (Federal Information Security Management Act)

NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A01 – User Association NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A02 – Content of Audit Records NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A03 – Auditable Events NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A04 – Audit Processing NIST SP 800-53 | Technical Controls | Identification and Authentication | IA02 – Remote, Privileged Access Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA03 – Password Protection Mechanisms NIST SP 800-53 | Technical Controls | Identification and Authentication | IA04 – Password Life NIST SP 800-53 | Technical Controls | Identification and Authentication | IA05 – Password Content NIST SP 800-53 | Technical Controls | Identification and Authentication | IA12 – Remote Access Identification Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA16 – Password Management NIST SP 800-53 | Technical Controls | Logical Access Control | AC01 - Remote Access Restrictions NIST SP 800-53 | Technical Controls | Logical Access Control | AC02 - Logon Notification Message NIST SP 800-53 | Technical Controls | Logical Access Control | AC05 - Session Inactivity NIST SP 800-53 | Technical Controls | Logical Access Control | AC06 - Limited Connection Time NIST SP 800-53 | Technical Controls | Logical Access Control | AC09 - Enforcement Mechanisms NIST SP 800-53 | Technical Controls | Logical Access Control | AC10 - Automated Account Controls NIST SP 800-53 | Technical Controls | Logical Access Control | AC12 - Supervision and Review NIST SP 800-53 | Technical Controls | Logical Access Control | AC14 - Authorization Procedures NIST SP 800-53 | Technical Controls | System and Communications Protection | SP02 - Information System Partitioning NIST SP 800-53 | Technical Controls | System and Communications Protection | SP04 - Denial of Service Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP05 - Resource Priority NIST SP 800-53 | Technical Controls | System and Communications Protection | SP06 - Boundary Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP07 - Network Segregation NIST SP 800-53 | Technical Controls | System and Communications Protection | SP09 - Network Disconnect NIST SP 800-53 | Technical Controls | System and Communications Protection | SP11 - Trust Path NIST SP 800-53 | Technical Controls | System and Communications Protection | SP16 - Use of Encryption

GLBA (Gramm-Leach-Bliley Act)

6801 – Protection of Non Public Personal Information | 6801(a) – Privacy Obligation Policy 6805 – Enforcement | 6805(b) – Enforcement of Section 6801

GDPR

Administrative Control Audit and Accountability Responsibility of the Controller Integrity and Confidentiality Security of Processing

HIPAA (Health Insurance Portability and Accountability Act)

164.308 – Administrative Safeguards | Security Management 164.308 – Administrative Safeguards | Workforce Security 164.308 – Administrative Safeguards | Information Access Management 164.308 – Administrative Safeguards | Security Awareness and Training 164.310 – Physical Safeguards | Standard Workstation Security 164.310 – Physical Safeguards | Standard Workstation Use 164.312 – Technical Safeguards | Standard Person or entity authentication 164.312 – Technical Safeguards | Standard Access Control 164.312 – Technical Safeguards | Standard Audit Control

Payment Card Industry

Build and Maintain a Secure Network and Systems Implement Strong Access Control Measures Maintain a Vulnerability Management Program Regularly Monitor and Test Networks

SAS 70 (Statement on Auditing Standards, Service Organizations)

Service Auditor's Reports: Type I

SOX (Sarbanes-Oxley General IT Controls Evidence based on the COBIT Framework)

Section 404 | Acquisition and Implementation BAI2.2 - Perform a feasibility study and formulate alternative solutions Section 404 | Delivery and Support

Security

Access Control - Administrator Account Activity Access Control - Administrator Group Activity Access Control - File System Access Management Computer Activity Critical GPO Changes Domain Controller Security

Domain Controller Configuration Changes

Domain Security Exchange Group Activity Group Management Organizational Unit Management

Group Policy Changed last 30 days

Severity Based Changes Trust Activity User Activity User Management

SharePoint SQL Data Level Threat Detection VMware

• Viewing Topics 1 - 4 of 108

×

Introduction

Change Auditor provides predefined reports which allow you to quickly retrieve valuable configuration change information from various perspectives.

NOTE: The terms ‘searches’ and ‘reports’ are used in conjunction to acquire the wanted output. You run a ‘search’ and the results returned are referred to as a ‘report’.

To run a built-in search:

1	Click the Searches tab or select View | Searches to open the Searches page.

2	Expand and select the appropriate folder in the explorer view to display the list of search definitions stored in the selected folder.

3	In the right pane, locate the search to run and use one of the following methods to run the selected search:

•	Double-click a search definition

•	Right-click a search definition and select Run

•	Select the search definition and click Run

4	A new Search Results page displays populated with the audited events that met the search criteria defined in the selected search definition.

This guide contains a list of the all the built-in reports provided with Change Auditor. They are listed according to the folder structure under the Shared folder on the Searches page.

NOTE: Many of the built-in reports are only available when the appropriate Change Auditor license is applied For example, to capture Exchange events, Quest® Change Auditor for Exchange must be licensed. Some built-in reports also require auditing templates to define the auditing scope. For example, to capture File System events, you must first define a template to specify the files and folders and events to audit. Change Auditor does not prevent you from running any of the built-in reports; however, associate events are not captured unless the proper license and auditing template is applied. See the individual Change Auditor user guides for more information about auditing key environments.

Built-in reports

The following criteria defines the contents of the default ‘My Favorite’ report that is displayed on the Overview page:

Change Auditor Real-Time

Who = All Users

What = All Event Classes

Where = All sources

When = Last 20 minutes

Origin = All workstations/servers

 

The other built-in reports provided with Change Auditor are available under the following folders:

•	Active Directory Federation Services

•

AD Query

•	All Events

•	Authentication Services

•	Azure Active Directory

•

Defender

•	Office 365

•	Logon Activity

•	Skype for Business

•	Recommended Best Practices

•	Regulatory Compliance

•

Security

•	SharePoint

•	SQL Data Level

•

VMware

Active Directory Federation Services

All Active Directory Federation Services sign-ins in the last 24 hours

Who = All Users

What = Active Directory Federation Services - Sign-in facility

Where = All sources

When = Last 24 hours

Origin = All workstations/servers

All Successful Active Directory Federation Services sign-ins in the last 24 hours

Who = All Users

What = Successful Active Directory Federation Services sign-in

Where = All sources

When = Last 24 hours

Origin = All workstations/servers

All Failed Active Directory Federation Services sign-ins in the last 7 days

Who = All Users

What = Failed Active Directory Federation Services sign-in

Where = All sources

When = Last 7 days

Origin = All workstations/servers

AD Query

NOTE: By default, the AD Query reports include the following information on the Search Results page: Origin, LDAP Attributes, LDAP Scope, LDAP Filter, LDAP Type, LDAP Occurrences, LDAP Elapsed, LDAP Since, and LDAP Results. These additional columns are defined using the Layout tab.

All AD Queries grouped by AD search filter

Who = All Users

What = AD Query Performed

Where = All sources

When = N/A

Origin = All workstations/servers

Layout tab - Order By: Time Detected (Not Grouped); LDAP Filter (Grouped)

All AD Queries grouped by AD starting point

Who = All Users

What = AD Query Performed

Where = All sources

When = N/A

Origin = All workstations/servers

Layout Tab - Order By: Time Detected (Not Grouped); Object Canonical (Grouped)

All AD Queries grouped by number of results

Who = All Users

What = AD Query Performed

Where = All sources

When = Last 7 days

Origin = All workstations/servers

Layout Tab - Order By: Time Detected (Not Grouped); LDAP Results (Grouped)

All AD Queries grouped by originating hostname\IP address

Who = All Users

What = AD Query Performed

Where = All sources

When = N/A

Origin = All workstations/servers

Layout Tab - Order By: Time Detected (Not Grouped); Origin (Grouped)

All AD Queries grouped by time elapsed (query run time)

Who = All Users

What = AD Query Performed

Where = All sources

When = Last 7 days

Origin = All workstations/servers

Layout Tab - Order By: Time Detected (Not Grouped); LDAP Elapsed (Grouped)

All AD Queries in the last 1 week

Who = All Users

What = AD Query Performed

Where = All sources

When = Last 7 days

Origin = All workstations/servers

All AD Queries in last 30 days

Who = All Users

What = AD Query Performed

Where = All sources

When = Last 30 days

Origin = All workstations/servers

•  Precedente
• Viewing Topics 1 - 4 of 108
• Successiva 

Cerca in questo documento Cerca questa versione del prodotto in tutti i documenti Cerca questo prodotto in tutti i documenti Cerca in tutti i documenti

Strumenti self-service

Knowledge Base

Notifiche e avvisi

Supporto prodotti

Download di software

Documentazione tecnica

Forum utente

Esercitazioni video

Feed RSS

Contatti

Richiedi assistenza sulle licenze

Supporto tecnico

Visualizza tutto

×

 Questo è il portale del supporto

Puoi trovare aiuto e supporto online per Quest *prodotto* sul sito di supporto di un affiliato. Fai clic su Continua per essere reindirizzato ai contenuti e all'assistenza corretti per *prodotto*.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Termini di utilizzo Privacy Cookie Preference Center