
Change Auditor 7.5 - User Guide


Add Who dialog


The Add Who dialog appears when Add | Add Wildcard Expression is clicked on the Who search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog also appears when the Add Wildcard Expression button is used on the Add Users, Computers, or Groups dialog.

From this dialog specify a wildcard expression to be used to search for either a user or group, then click the OK button to save your selection and close the dialog.

This dialog contains the following fields/controls to define the wildcard expression to be used in the search definition:

Comparison operator

In the left-hand field, use the drop-down control to select the comparison operator to be used:

Pattern

In the right-hand field, enter the pattern, a character string (Domain\User) combined with the * wildcard character, to be used to search for a match.

Use the * wildcard character to match any string of zero or more characters. For example, entering LIKE *admin* will find all users with the character string ‘admin’ anywhere in the name.

User

This option is selected by default and the search will be conducted on the user name.

Group

Select this option to conduct the search on the group name.
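Because the same wildcard expression can drive a purge job as well as a search, it is worth previewing what a pattern would match before saving it. The following is an added example, not Quest code: it approximates the documented * semantics in Python over a constructed account list. Case-insensitive comparison and matching against the full Domain\User string are assumptions of this sketch, and the function names are hypothetical.

```python
import re

def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate a pattern where * means 'zero or more characters' into a regex.

    Every other character, including the backslash in Domain\\User, is literal.
    """
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    # Assumption: comparison ignores case, as Windows account names do.
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def preview(pattern: str, accounts: list[str]) -> list[str]:
    """Return the accounts the whole pattern matches, in input order."""
    rx = wildcard_to_regex(pattern)
    return [a for a in accounts if rx.fullmatch(a)]

def unexpected(pattern: str, accounts: list[str], intended: set[str]) -> list[str]:
    """Return matches that were not in the set the operator meant to select."""
    return [a for a in preview(pattern, accounts) if a not in intended]

# Constructed sample data: not taken from any real directory.
ACCOUNTS = [
    r"CORP\administrator",
    r"CORP\svc-sqladmin",
    r"CORP\jsmith",
    r"ADMINLAB\jsmith",       # 'admin' appears only in the domain part
    r"CORP\badminton.club",   # 'admin' appears inside an unrelated word
]

if __name__ == "__main__":
    intended = {r"CORP\administrator", r"CORP\svc-sqladmin"}
    for pat in ("*admin*", r"CORP\admin*", r"CORP\*admin"):
        print(f"{pat!r:16} matches {preview(pat, ACCOUNTS)}")
    print("over-match for *admin*:", unexpected("*admin*", ACCOUNTS, intended))
```

Under these assumptions, *admin* also selects ADMINLAB\jsmith and CORP\badminton.club, so a pattern anchored on the domain and the start or end of the name is the narrower choice for a purge filter.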

Advanced Deployment Options dialog


The Advanced Deployment Options dialog appears when the Advanced Options tool bar button is clicked on the Deployment page. From this dialog, you can define the following options:

This dialog contains the following fields/controls to define these options:

Specify agent installation location

Select this check box and enter the location to be used for the agent installation folder. In addition, select one of the following options to specify the action to be taken if the path entered cannot be created on a server:

Specify a custom share on the remote server

By default, the system share (ADMIN$) is used; however, you can use a different share by selecting this check box and entering the share to be used.

Launch ServiceStatusTray on startup

Use this setting to indicate whether you want to launch the Change Auditor agent system tray icon when the agent is started. Select one of the following options to specify the action to be taken:

Yes - launch the ServiceStatusTray icon on startup.
No - do not launch the ServiceStatusTray icon on startup.
Do not change - use the current ServiceStatusTray launch option as previously defined. (Default)
NOTE: The Change Auditor agent system tray icon (and the Launch ServiceStatusTray on startup setting) applies only to server agents.

Restart agent on failure

Use this setting to indicate the action to be taken when an agent fails to start. Select one of the following options to specify the action to be taken:

Yes - restart agent on failure. (See note below)
No - do not restart the agent on failure.
Do not change - use the current restart agent option as previously defined. (Default)
NOTE: When you select Yes, the agent is restarted if a main Change Auditor service goes offline due to a crash, failure or unknown exception; however, if the agent is gracefully shut down, the service will not be restarted.

Save as Default

Click this button to save the current advanced deployment settings as the default for future agent deployments.

Restore to Default

Click this button to restore the advanced deployment settings to the factory defaults for the agent(s) selected on the Deployment page or to the last saved defaults.

Agent Assignment dialog


The Agent Assignment dialog appears whenever the Assign tool bar button on the Agent Configuration page is clicked. This dialog contains a list of the agent configurations defined that can be assigned to Change Auditor server agents. After selecting an agent configuration from this list, click the OK button to save the agent configuration assignment and close the dialog. Back on the Agent Configuration page, the new configuration assignment will be displayed in the Configuration column for the selected agent.

Alert Body Configuration dialog


The Alert Body Configuration dialog appears when the Configure Body button is clicked on the Coordinator Configuration page or the Alert Custom Email dialog. When accessed through the Coordinator Configuration page, these settings will apply globally to all alert emails. However, when accessed through the Alert Custom Email dialog, these settings will apply to the selected alert only.

The Alert Body Configuration dialog allows you to edit the Plain Text and the HTML representation of alert emails. It consists of the following tabbed pages where you can define the content and layout of alert messages:

Preview tab

The preview tab presents a sample of what your customized email will look like.

Main Body tab

Use the Main Body tab to define the overall content and layout of the alert body. This tab consists of the following fields/options:

Main Body text box

In the Main Body tab, enter the text to be included in the main body of alert emails.

The event details defined in the Event Details tab are placed in the Main Body tab using the following tag: %EVENT_DETAILS%. This tag should not be removed from this tab if you want to include event details in alert emails.

Use the Global Main Body

Select this check box to use the global settings for the main body of the selected alert. When this check box is selected, the Main Body text box is read-only and cannot be modified.

Show Variables

Select the Show Variables check box to display the list of variables available for inclusion in the Main Body. To add a variable, double-click the variable from the Variable list at the bottom of the page. You can also drag and drop a variable from the Variable list into the event details text box.

NOTE: When the Use the Global Main Body check box is selected, the Main Body text box is read-only; therefore, you can view the variables available, but cannot modify the main body text using these variables.

Event Details tab

Use the Event Details tab to define the event details to be included in alert emails. This tab contains the following fields/options:

Event Details text box

From here, you can edit the default event details file (for example, rearrange the entries, remove entries, and modify text) to define how event details are to be presented in alert emails.

Use the Global Event Details

Select this check box to use the global settings for the event details of the selected alert. When this check box is selected, the Event Details text box is read-only and cannot be modified.

Show Variables

Select the Show Variables check box to display the list of variables available for inclusion in the Event Details. To add a variable, double-click the variable from the Variable list at the bottom of the page. You can also drag and drop a variable from the Variable list into the event details text box.

NOTE: When the Use the Global Event Details check box is selected, the Main Body text box is read-only; therefore, you can view the variables available, but cannot modify the event details text using these variables.

Signature tab

Use the Signature tab to define the signature line to be added to the alert email.

Signature text box

Enter the content of the signature line to be used in alert emails.

Use the Global Signature

Select to use the global settings for the signature of the selected alert. When this check box is selected, the Signature text box is read-only and cannot be modified.

When verifying your edits, remember that email tags (whether entered manually or selected from the list) will always be represented in blue. Black text within your alert will be taken literally and will be displayed as entered.

The following options and buttons are available at the bottom of the dialog:

Plain Text

Select to use plain text format for editing and displaying the content of alert emails.

HTML

Select to use HTML format for editing and displaying the content of alert emails.

Restore to Default

Select to reset all of the alert content back to the factory default settings.
