サポートと今すぐチャット
サポートとのチャット

Change Auditor 7.1.1 - Built-in Reports Reference Guide

Introduction Built-in reports
Active Directory Federation Services AD Query All Events Authentication Services Azure Active Directory Defender Office 365 Logon Activity Skype for Business Recommended Best Practices Regulatory Compliance
FISMA (Federal Information Security Management Act)
NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A01 – User Association NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A02 – Content of Audit Records NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A03 – Auditable Events NIST SP 800-53 | Technical Controls | Accountability (Including Audit Trails) | A04 – Audit Processing NIST SP 800-53 | Technical Controls | Identification and Authentication | IA02 – Remote, Privileged Access Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA03 – Password Protection Mechanisms NIST SP 800-53 | Technical Controls | Identification and Authentication | IA04 – Password Life NIST SP 800-53 | Technical Controls | Identification and Authentication | IA05 – Password Content NIST SP 800-53 | Technical Controls | Identification and Authentication | IA12 – Remote Access Identification Authentication NIST SP 800-53 | Technical Controls | Identification and Authentication | IA16 – Password Management NIST SP 800-53 | Technical Controls | Logical Access Control | AC01 - Remote Access Restrictions NIST SP 800-53 | Technical Controls | Logical Access Control | AC02 - Logon Notification Message NIST SP 800-53 | Technical Controls | Logical Access Control | AC05 - Session Inactivity NIST SP 800-53 | Technical Controls | Logical Access Control | AC06 - Limited Connection Time NIST SP 800-53 | Technical Controls | Logical Access Control | AC09 - Enforcement Mechanisms NIST SP 800-53 | Technical Controls | Logical Access Control | AC10 - Automated Account Controls NIST SP 800-53 | Technical Controls | Logical Access Control | AC12 - Supervision and Review NIST SP 800-53 | Technical Controls | Logical Access Control | AC14 - Authorization Procedures NIST SP 800-53 | Technical Controls | System and Communications Protection | SP02 - Information System Partitioning NIST SP 800-53 | Technical Controls | System and Communications Protection | SP04 - Denial of Service Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP05 - Resource Priority NIST SP 800-53 | Technical Controls | System and Communications Protection | SP06 - Boundary Protection NIST SP 800-53 | Technical Controls | System and Communications Protection | SP07 - Network Segregation NIST SP 800-53 | Technical Controls | System and Communications Protection | SP09 - Network Disconnect NIST SP 800-53 | Technical Controls | System and Communications Protection | SP11 - Trust Path NIST SP 800-53 | Technical Controls | System and Communications Protection | SP16 - Use of Encryption
GLBA (Gramm-Leach-Bliley Act) GDPR HIPAA (Health Insurance Portability and Accountability Act) Payment Card Industry SAS 70 (Statement on Auditing Standards, Service Organizations) SOX (Sarbanes-Oxley General IT Controls Evidence based on the COBIT Framework)
Security SharePoint SQL Data Level Threat Detection VMware

164.308 – Administrative Safeguards | Security Awareness and Training

| Security Awareness and Training
Log-in Monitoring
Exchange
Access by non-owners
Who = All Users
What = Contact Copied by Non-Owner, Contact Created by Non-Owner, Contact Deleted by Non-Owner, Contact Modified by Non-Owner, Contact Moved by Non-Owner, Contact Permanently Deleted by Non-Owner, Contact Read by Non-Owner, Contacts Opened by Non-Owner, Folder Copied by Non-Owner, Folder Created by Non-Owner, Folder Deleted by Non-Owner, Folder Moved by Non-Owner, Folder Permanently Deleted by Non-Owner, Folder Renamed by Non-Owner, Calendar Opened by Non-Owner, Appointment Read by Non-Owner, Appointment Moved by Non-Owner, Appointment Permanently Deleted by Non-Owner, Appointment Modified by Non-Owner, Appointment Deleted by Non-Owner, Appointment Created by Non-Owner, Appointment Copied by Non-Owner, Inbox Opened by Non-Owner, Mailbox Opened by Non-Owner, Message Copied by Non-Owner, Message Created by Non-Owner, Message Deleted by Non-Owner, Message Modified by Non-Owner, Message Moved by Non-Owner, Message Permanently Deleted by Non-Owner, Message Read by Non-Owner
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Logon Activity
All Failed Logons in the last 7 days
Who = All Users
What = User failed to authenticate through Kerberos, User failed to authenticate through NTLM, User failed to log on interactively, User failed to log on interactively from a remote computer, User failed to perform a network logon from a remote computer
Where = All sources
When = Last 7 days
Origin = All workstations/servers
All Interactive Logons in the past 24 hours
Who = All Users
What = User failed to log on interactively; User logged on interactively
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
All Kerberos Logons in the past 24 hours
Who = All Users
What = User authenticated through Kerberos, User failed to authenticate through Kerberos
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
All Logons in the past 24 hours
Who = All Users
What = Authentication Activity; Domain Controller Authentication; Logon Session
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
All NTLM Logons in the past 24 hours
Who = All Users
What = User authenticated through NTLM, User failed to authenticate through NTLM
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
All Remote Interactive Logons in the past 24 hours
Who = All Users
What = User failed to log on interactively from a remote computer; User failed to perform a network logon from a remote computer; User logged on interactively from a remote computer; User performed a successful network logon from a remote computer
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
All User Sessions in the past 24 hours
Who = All Users
What = Logon Session facility
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
SQL
All SQL Add Roles, User, and Login Events in the last 24 hours
Who = All Users
What = Audit Add DB User; Audit Add Login; Audit Add Login to Server Role; Audit Add Member to DB Role; Audit Add Role
Where = All sources
When = Last 24 hours
Origin = All workstations/servers
Audit Add Login
Who = All Users
What = Audit Add Login
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Audit Add Login to Server Role
Who = All Users
What = Audit Add Login to Server Role
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Audit Add Member to DB Role
Who = All Users
What = Audit Add Member to DB Role
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Audit Add Role
Who = All Users
What = Audit Add Role
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Audit Alter Server Object
Who = All Users
What = Audit Alter Server Object
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Audit Alter Server Principal
Who = All Users
What = Audit Alter Server Principal
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Password Management
Domain Security
Changes to Domain account policies (GPO filter) in last 30 days
Who = All Users
What = Account Lockout Duration Policy Changed; Account Lockout Threshold Policy Changed; Enforce Password History Policy Changed; Enforce User Logon Restrictions Policy Changed; Maximum Lifetime for Service Ticket Policy Changed; Maximum Lifetime for User Ticket Policy Changed; Maximum Lifetime for User Ticket Renewal Policy Changed; Maximum Password Age Policy Changed; Maximum Tolerance for Computer Clock Synchronization Policy Changed; Minimum Password Age Policy Changed; Minimum Password Length Policy Changed; Password Must Meet Complexity Requirements Policy Changed; Store Passwords Using Reversible Encryption Policy Changed; Reset Account Lockout Counter After Change Policy Changed
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Changes to Domain Audit policies (GPO filter) in last 30 days
Who = All Users
What = Audit Account Logon Events Policy Changed; Audit Account Management Policy Changed; Audit Directory Service Access Policy Changed; Audit Logon Events Policy Changed; Audit Object Access Policy Changed; Audit Policy Change Policy Changed; Audit Privilege Use Policy Changed; Audit Process Tracking Policy Changed; Audit System Event Policy Changed
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Changes to Domain Kerberos policies (GPO filter) in last 30 days
Who = All Users
What = Enforce User Logon Restrictions Policy Changed; Maximum Lifetime for Service Ticket Policy Changed; Maximum Lifetime for User Ticket Policy Changed; Maximum Lifetime for User Ticket Renewal Policy Changed; Maximum Tolerance for Computer Clock Synchronization Policy Changed
Where = All sources
When = Last 30 days
Origin = All workstations/servers
GPO Link changes on Domain objects in last 30 days
Who = All Users
What = DACL Changed on Group Policy Object; Group Policy Linked; Group Policy Unlinked; Group Policy Block Inheritance Setting Changed on Domain; Group Policy No Override Setting Changed on Domain; Group Policy Disabled Setting on Domain Changed; Owner Changed on Group Policy Object
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Permission changes on domains in last 30 days
Who = All Users
What = DACL Changed on Domain Object
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Permissions to AdminSDHolder Changes in last 30 days
Who = All Users
What = DACL Changed on AdminSDHolder Object
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Protect from Malicious Software
File detailed list of services changes
Who = All Users
What = Service account changed, service dependencies changed, Service paused, Service recovery actions changed, Service resumed, Service start type changed, Service started, Service stopped
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Security Reminders
Service Pack and Hotfixes
Detailed list of all hot fixes applied
Who = All Users
What = Hotfix Applied
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of hot fixes rolled back
Who = All Users
What = Hotfix Rolled Back
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of service packs applied
Who = All Users
What = Computer Service Pack Applied; Domain Controller Service Pack Applied
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of service packs rolled back
Who = All Users
What = Domain Controller Service Pack Rolled Back
Where = All sources
When = Last 7 days
Origin = All workstations/servers

164.310 – Physical Safeguards | Standard Workstation Security

| Standard Workstation Security
Detailed list of GPO workstation access modifications
Who = All Users
What = Deny Access to this Computer from the Network Policy Changed; Access this Computer from the Network Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of user workstation access modifications
Who = All Users
What = User userWorkstations Added; User userWorkstations Removed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

164.310 – Physical Safeguards | Standard Workstation Use

| Standard Workstation Use
Detailed list of GPO disk access modifications
Who = All Users
What = Devices: Restrict CD-ROM Access to Locally Logged-on User Only Policy Changed; Devices: Allowed to Format and Eject Removable Media Policy Changed; Devices: Restrict Floppy Access to Locally Logged-Out User Only Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of hard disk modifications
Who = All Users
What = Disk Size Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers
Detailed list of GPO workstation access modifications
Who = All Users
What = Deny Access to this Computer from the Network Policy Changed; Access this Computer from the Network Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

164.312 – Technical Safeguards | Standard Person or entity authentication

| Standard Person or entity authentication
Defender
All Defender events in last 30 days
Who = All Users
What = Defender facility
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender – Member added to access node in last 30 days
Who = All Users
What = Member Added to Access Node
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender – Member removed from access node in last 30 days
Who = All Users
What = Member Removed from Access Node
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender access node added in last 30 days
Who = All Users
What = Defender Access Node Added
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender access node removed in last 30 days
Who = All Users
What = Defender Access Node Removed
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender password events in last 30 days
Who = All Users
What = Defender Password Changed; Defender Password Cleared; Defender Password Expiry Cleared; Defender Password Expiry Set; Defender Password Set
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender policy added in last 30 days
Who = All Users
What = Defender Policy Added
Where = All sources
When = Last 30 days
Origin = All workstations/servers
Defender policy change events in last 30 days
Who = All Users
What = Defender Policy Changed for Access Node; Defender Policy Changed for Group; Defender Policy Changed for Security Server; Defender Policy Changed for User
Where = All sources
When = Last 30 days
Origin = All workstations/servers
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択