Change Auditor 7.5 - User Guide


Add SQL Instance dialog


The Add SQL Instance dialog appears when Add | Subsystem | SQL or Add With Events | Subsystem | SQL is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog allows you to search for actions that have occurred in all SQL instances being audited or a selected SQL instance, database and/or object.

From this dialog, specify a SQL instance, database or object and click the Add button to add it to the list box located across the bottom of the dialog. Once you have made your selection(s), click the OK button to save your selection and close the dialog. If you selected the All SQL Instances option, simply click the OK button to save your selection and close the dialog.

The following information/controls are included on this dialog:

Scope

Select one of the following options to define the scope of the search:

All SQL Instances - select this option to search all SQL instances (default when the Add tool bar button is used).
This Object - select this option to search specific SQL instances, databases and/or objects only (default when the Add With Events tool bar button is used).

When the This Object option is selected in the Scope section, the following controls will become available to specify the SQL instance, SQL database and/or SQL Server object to be included in the search definition. When you select This Object, you MUST fill in at least one of the following fields. After specifying the SQL instance, database and/or object to be included, click the Add button to add it to the SQL list box.

NOTE: When the Add With Events tool bar button is used, these fields are populated based on the entry selected in the data grid and are read-only. The browse button is also disabled.

Instance

Enter the name of the SQL instance or click the browse button to the far right to select from a list. Clicking the browse button will display the Select a SQL Instance and Database dialog which provides a list of SQL instances and associated databases from which you can select the instance and database to be used. If you leave this field blank, Change Auditor will search for SQL events based on the entries made in the DB and/or Object fields for all SQL instances.

DB

Enter the name of the SQL database to be used or click the browse button to the far right to select from a list. Clicking the browse button will display the Select a SQL Instance and Database dialog which provides a list of SQL instances and associated databases from which you can select the instance and database to be used. If you leave this field blank, Change Auditor will search for SQL events based on the entries made in the Instance and/or Object fields for all SQL databases.

Object

Enter a SQL Server object to be included in the search definition. If you leave this field blank, Change Auditor will search for SQL events based on the entries made in the Instance and/or DB fields for all SQL Server objects.

SQL instance list

The SQL Instance list box located at the bottom of the dialog displays a list of all the SQL instances, databases and/or objects included in the search definition (or excluded when the Exclude the Above Selection(s) check box is checked). Its contents are based on the entries specified above, when using the This Object scope.

Use the buttons above this list box to add, remove and update entries:

Add - click the Add button to add the selected item to the SQL list.
Remove - select the entry to be removed in the SQL list and then click the Remove button.
Update - select the entry to be modified from the SQL list box, make the modification(s) to the SQL instance, database and/or object then click the Update button to save your changes.

Data grid

A data grid is added to this dialog when the Add With Events tool bar option is selected. This data grid displays a list of the SQL instances, databases and objects that have an event in the Change Auditor database. The following information is displayed:

Select an entry in the data grid and click the Add button to add it to the SQL list box.

Exclude the Above Selection(s)

Select this check box to exclude the SQL instance(s) listed in the SQL Instance list from the audit. That is, Change Auditor will search for events on all SQL instances except those listed.

Runtime Prompt

Select the Runtime Prompt option to prompt for the SQL instance whenever the search is run. That is, when the Run tool bar button is used, the Add SQL Instance dialog appears allowing you to select the SQL instance to be included in the search.

NOTE: When Runtime Prompt is selected, the SQL option will be disabled on the Add tool bar buttons on the What tab.
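
The scoping rules described above for the Add SQL Instance dialog (blank fields, several list entries, and Exclude the Above Selection(s)), modeled as an added example that is not Quest code and does not call the product. It assumes case-insensitive name comparison, that all filled fields of one entry must match, and that any one matching entry is enough; the events and names are constructed.

```python
# Added illustration: a model of the Add SQL Instance scoping rules.
# Assumptions (not confirmed by the guide): names compare case-insensitively,
# filled fields of one list entry must all match, any one entry may match.
from dataclasses import dataclass


@dataclass(frozen=True)
class SqlEntry:
    """One row of the SQL list box; an empty string means the field was blank."""
    instance: str = ""
    db: str = ""
    obj: str = ""

    def __post_init__(self):
        # This Object requires at least one of the three fields.
        if not (self.instance or self.db or self.obj):
            raise ValueError("at least one of Instance, DB, Object is required")

    def matches(self, event: dict) -> bool:
        pairs = ((self.instance, "instance"), (self.db, "db"), (self.obj, "object"))
        # A blank field places no restriction on that part of the event.
        return all(not want or want.lower() == str(event.get(key, "")).lower()
                   for want, key in pairs)


def in_scope(event, entries=(), all_instances=False, exclude=False) -> bool:
    """Return True if the event falls inside the search definition."""
    if all_instances:
        return True
    hit = any(entry.matches(event) for entry in entries)
    # Exclude the Above Selection(s) inverts the list: everything except it.
    return not hit if exclude else hit


# Constructed sample events; instance, database and object names are made up.
EVENTS = [
    {"id": 1, "instance": "SQL01\\PROD", "db": "Payroll", "object": "dbo.Salaries"},
    {"id": 2, "instance": "SQL01\\PROD", "db": "master", "object": "sysadmin"},
    {"id": 3, "instance": "SQL02\\TEST", "db": "Payroll", "object": "dbo.Salaries"},
]


def selected_ids(entries, **opts):
    """IDs of the sample events that a given definition would return."""
    return [ev["id"] for ev in EVENTS if in_scope(ev, entries, **opts)]


if __name__ == "__main__":
    payroll_anywhere = [SqlEntry(db="payroll")]  # Instance and Object left blank
    print(selected_ids(payroll_anywhere))
    print(selected_ids(payroll_anywhere, exclude=True))
```

Because the same dialog feeds the Purge Options page, walking a definition through a model like this shows how far an entry with blank fields, or an inverted selection, reaches.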

Add SQL Data Level Object


The Add SQL Data Level Object dialog appears when Add | Subsystem | SQL Data Level or is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog allows you to search for specific database objects.

From this dialog, specify an application, database, table, or transaction ID and click the Add button to add it to the list box located across the bottom of the dialog. Once you have made your selections, click OK to save your selection and close the dialog.

The following information/controls are included on this dialog:

Exclude the Above Selection(s)

Select this check box to exclude the SQL objects listed from the audit. That is, Change Auditor will search for events on all SQL objects except those listed.

Add Users, Computers or Groups dialog


The Add Users, Computers or Groups dialog appears when you click Add With Events on the Who search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog contains a list of all the users, computers and groups that have an event associated with them in the Change Auditor database.

To select an item from this list, select one or more items from the data grid located at the top of the dialog and click the Add button to add the item(s) to the selection list, located at the bottom of the dialog. Once you have selected all of the items to be included in your search, click the OK button to save your selections and close the dialog.

The following information is displayed on this dialog:

Data grid

The data grid displays the accounts that have an event associated with them in the Change Auditor database. The following information is displayed for each entry:

Selection list

The list box located at the bottom of the dialog displays the users, computers and groups to be included in the search. Use the buttons located above this list box to add or remove an entry:

Add - select one or more items from the data grid located at the top of the dialog and then click the Add button to add the item(s) to the selection list.
Remove - select the item to be removed from the selection list box and then click the Remove button.

Add Wildcard Expression

Click this button to display the Add Who dialog where you can enter a wildcard expression to be used to search for a user (Domain\User Name) or group (Domain\Group Name).

On the Add Who dialog:

By default, the wildcard expression will be used to search for a user. To search for a group, select the Group option.

Add Where dialog


The Add Where dialog appears when the Add | Add Wildcard Expression command is clicked on the Where search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog also appears when the Add Wildcard Expression button is used on the Add Agents, Domains, Sites dialog.

From this dialog specify a wildcard expression to be used to search for an agent, domain or site, then click OK to save your selection and close the dialog.

This dialog contains the following fields/controls to define the wildcard expression to be used in the search definition:

Comparison operator

In the left-hand field, use the drop-down control to select the comparison operator to be used:

Pattern

In the right-hand field, enter the pattern (character string and * wildcard character) to be used to search for a match.

Use the * wildcard character to match any string of zero or more characters. For example, entering LIKE *local will find all agents whose names end in 'local'.

Agent

This option is selected by default and the search will be conducted on the agent's NetBIOS name.

Domain

Select this option to conduct the search on the domain name.

Site

Select this option to conduct the search on the site name.
