サポートと今すぐチャット
サポートとのチャット

InTrust 11.6.1 - InTrust Reports

VMware vCenter and ESX/ESXi

Virtual machine creations and deletions

This InTrust report shows information about virtual machine creation, deletion and cloning.

Virtual machine reconfigurations

This InTrust report shows virtual machine configuration changes.

Virtual machine snapshot activity

This InTrust report shows all captured activity that involves snapshots: creation, deletion and reversion.

Virtual machine startups and shutdowns

This InTrust report shows all virtual machine starts, shutdowns, suspends, and details as to who initiated them and when they happened.

VMware All Events

This InTrust report shows all events related to VMware vCenter and ESX/ESXi.

VMware ESX Configuration Changes

This InTrust report shows events related to vCenter and ESX/ESXi server configuration changes, such as account, host and data store management.

VMware Permission Changes

This InTrust report shows permission changes on virtual machines. The report refers to users and groups that get role-based permissions as grantees.

VMware User Logon and Logoff

This InTrust report shows all user logon and logoff attempts, both successful and failed, and provides reason information for the failed attempts.

Report Pack_Windows

Report Pack for Windows

This section contains a list of reports included in the InTrust11.6.1 Report Pack for Windows.

Administrative Activity

Account Management

Group Management

This InTrust report shows group changes. Groups should be created, deleted, or changed by administrators. If the administrator fails to duly perform group management tasks, this may lead to user rights misrule and security violations.

Group Membership Management

This InTrust report shows group membership changes. User accounts should be added to or removed from groups by administrators. If the administrator fails to duly perform group membership management tasks, this may lead to user rights misrule and security violations.

Password resets

This InTrust report shows when account passwords were reset and who reset them. An entry in the report means that the password was either reset or changed. By default, only user accounts are included, but you can use the User Accounts filter if you want to include computer accounts as well.

User Accounts Management

This InTrust report shows changes to user accounts. User accounts should be created, deleted, enabled, or disabled by administrators. If the administrator fails to duly perform account management tasks, this may lead to account misrule and even security violations.

User rights management

This InTrust report shows changes to user rights. User rights should be assigned or removed by administrators. If the administrator fails to duly perform user rights management tasks, this may lead to user rights misrule and security violations.

Network Management

Computer accounts changes

This InTrust report shows computer accounts changes. Computer accounts should be created, deleted, renamed, or changed by administrative accounts only. If the administrator fails to duly perform computer account management tasks, this may lead to security violations.

DHCP history

This report summarizes DHCP log data and represents the information as time intervals during which computers have certain IP addresses. If an event specifies the host as localhost or host from localdomain, the actual DNS name is determined by the MAC address. The report helps quickly pinpoint a computer at which certain actions were performed. For correct results, create this report for a single DHCP server or for several DHCP servers that work simultaneously and do not serve overlapping IP address pools.

Domain Trusts Changes

This InTrust report shows domain trust changes. Domain trusts should be added, removed, or modified by administrative accounts only. If the administrator does not duly perform domain trust management tasks, this may lead to security violations.

Policy Changes

Audit Policy Changed

This InTrust report shows audit policy changes. Audit policy should be modified by administrative accounts only; otherwise these changes can indicate a security breach. Failure of the administrator to duly perform audit policy management tasks may lead to security violations.

Kerberos and Domain Policy changed

This InTrust report shows Audit and Kerberos policies changes.

Forensic Analysis

Detailed Reports

All user activities [details]

This InTrust report shows and expands statistics on security events. Security events capture the activity taking place in the network and show, for example, when and where users log on, what data they access, how they manage accounts, and so on.

Event Log Gaps

This InTrust report shows situations when events are missing from logs for a time period that you specify. For example, if a file server with classified data does not appear to have logged events for an hour, this is suspicious, all the more so if the server is supposed to be up at all times. It is possible that the server was down during that time or the log was cleared. Such a situation does not necessary mean a problem but should be investigated.

Events related with the specified event [advanced]

This InTrust report helps you analyze the background of an event you are interested in by exploring related events.

Raw data analysis

This InTrust report shows event data from specified event logs of selected computers.

Summary Reports

Account management statistics

This InTrust report shows the number of accounts created, changed, and deleted within a specified time period for such important types of accounts as user accounts, security groups, and distribution groups. It also shows group membership modification for both security and distribution groups.

All user activities [summary]

This InTrust report shows statistics on security events grouped by users and their domains. Security events capture the activity taking place in the network and show, for example, when and where users log on, what data they access, how they manage accounts, and so on. The report is primarily intended for presenting statistics in printed form but, when working interactively, you can click any number to view the details of all events that the number stands for.

Logon Statistics

In the Windows environment different logon types are registered by the system depending on what kind of resource a user accesses. This InTrust report shows all logon types such as interactive logons to domains, access to shared folders, dial-up connections to the network, and so on, and groups logon statistics.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択