Converse agora com nosso suporte
Chat com o suporte

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

SQL Reporting Services Wizard

Previous Next

SQL Reporting Services Wizard

The SQL Reporting Services wizard is displayed when you select Add on the SQL Reporting Services page. Using this wizard you can define the reporting services and data source information to be included in the template, as well the user and group accounts authorized to use this template to publish reports to SRS.

The following table provides a description of the fields and controls in the SQL Reporting Services wizard.

* 
NOTE: A red flashing icon indicates that you have not yet entered the required information. A green check mark indicates that the required information has been specified and you are ready to proceed.
 

Table 1. SQL Reporting Services wizard

Create or modify a SQL Reporting Services Template page: Use this page to enter a name for the template and credentials to be used to access the SQL Reporting Services server and Change Auditor shared data source.

 

Template Name

Enter a descriptive name for the SQL Reporting Services template being created.

SQL Server Reporting Services

NOTE: SQL Reporting Services must be configured with anonymous access disabled.
NOTE: The account entered in this section requires rights to create SRS reports and data sources on the server (a.k.a. Content Manager).

Report Server URL

Enter the URL for the SQL Reporting Services (SRS) server that will be hosting the Change Auditor reports.

For example: http://<SQL_Server>/<ReportServer>

where <SQL_Server> is the name of the server hosting SRS and <ReportServer> is the name of the report server virtual directory.

User

Enter a user name for a Windows account that has credentials to copy files to a SQL Reporting Service.

Password

Enter the password associated with the user name entered above.

Domain

Enter the domain for the Windows account to be used to access SRS.

Change Auditor Shared Data Source

NOTE: The account specified in this section is used to create and read data from the Change Auditor data source.

Data Source Name

Enter the name of the Change Auditor data source.

Authentication

Select the appropriate authentication method for connecting to the Change Auditor data source:
Windows Authentication - Select this option to use Windows authentication for connecting to the Change Auditor data source.
SQL Server Authentication - Select this option to use SQL Server authentication for connecting to the Change Auditor data source.

User

Enter a user name for the account to be used to access the Change Auditor data source.

Password

Enter the password associated with the user name entered above.

Domain

Enter the domain for the user account to be used to access the Change Auditor data source. This only applies to Windows Authentication.

Test

Use the Test button at the bottom of the dialog to verify the credentials entered in the SQL Server Reporting Services section at the top of the dialog.

Select Accounts Authorized to Use This SQL Reporting Services Service Template page

When you enter a user or group account on this page, you are defining which users/groups are allowed to use this template to publish reports to SRS. That is, only users who are listed on this page (or users in any groups listed on this page) will be able to use the Import SRS Settings button on the Reporting Services Setup dialog to select this SRS template.

 

Browse Page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the user or group account(s) to be included in this template.

Once you have selected an account, use Add to add it to the list box at the bottom of the page.

Search Page

Use the controls at the top of the Search page to search your environment to locate the desired user or group account.

Once you have selected an account, use Add to add it to the list box at the bottom of the page.

Options Page

Use the Options page to modify the search options or global catalog used to retrieve directory objects.

 

Account List

The list box located across the bottom of this page, displays the accounts that are authorized to import the SRS settings in this template to publish Change Auditor reports to SRS. Use the buttons located above this list box to add and remove objects.

Add

Select a user or group in the Browse or Search page and select Add to add it to the list.

Remove

Select an entry from the list and then select Remove to remove it.

 

Change Auditor User Interface Authorization

Previous Next

Change Auditor User Interface Authorization
Introduction
Application User Interface Authorization page
Add task definition
Add role definition
Add application group

Introduction

Previous Next

Introduction

Role-based access control allows you to assign users/groups to roles based on their job functions and grant these roles permissions to perform related tasks. Role-based access control is broken down into the following entities to define ‘who can do what’:
Operation: a single action that users need to be granted rights to perform
Task: a collection of logically related operations
Role: a logical group of users and the tasks they are allowed to perform

Authorization for using the different features is defined using the Application User Interface Authorization page. From the Administration tab, you can add new task and role definitions or delete user-defined roles and tasks that are no longer required.

By default, the following roles and tasks are defined; therefore, no action is required on your part to start using the client:
AD Protection Role - has access to view Active Directory and Group Policy protection
Administrator Role - has full administrator privileges with access to all aspects of the client, web client and deployment of agents
Operator Role - has only operator privileges with limited access to the client (e.g. these users can define and run searches, but they cannot access the Administration, Statistics or Deployment pages) and access to perform all tasks except the administration functions in the web client
Web Client Shared Overviews Role - has view access to the web client shared overviews; while restricting access to only what has been shared
AD Protection Task - grants access to Active Directory and Group Policy protection tasks
Administrator Task - grants full administrator access
Operator Task - grants operator access only
Restore Value Task - allow use of the Restore Value button in the Event Details pane.
Web Client Shared Overviews Task - grants view access to web client’s shared overviews

During installation, you added user accounts to the Change Auditor security groups (ChangeAuditor Administrators - <InstallationName> and ChangeAuditor Operators - <InstallationName>). These security groups are automatically added as members of the appropriate role (Administrator Role and Operator Role). If applicable, during the web client installation, you may have also added user accounts to the ChangeAuditor Web Shared Overview Users security group. This additional security group is added as a member to the Web Client Shared Overviews role.

* 
NOTE: The Administrator, Operator and Web Client Shared Overviews roles and tasks cannot be removed, renamed or edited.

Using the AD Protection role and task, administrators can specify who is authorized to view protection definitions for Active Directory and Group Policy objects. Using the Restore Value task, administrators can enable and disable the ability to restore values when viewing events in the Event Details pane. See the Quest Change Auditor for Active Directory User Guide for information on restricting access to specific domains and organizational units and restoring values.

Application User Interface Authorization page

Previous Next

Application User Interface Authorization page

The Application User Interface Authorization page is displayed when Application User Interface is selected from the Configuration task list in the navigation pane of the Administration Tasks tab.

From this page, you can define who is authorized to perform the different operations available in the Change Auditor client, including performing the administrative tasks listed on the Administration Tasks tab and defining search criteria.

The Application User Interface Authorization page contains an expandable view of the role and task definitions which define role-based access. To add a role or task, use the appropriate Add tool bar command: Add | Add Role Definition or Add | Add Task Definition.

Once added, the following information is provided for each definition:

Name

Displays the name assigned to the role or task definition when it was created.

Type

Indicates the type of definition:
Role
Task
Description

Displays the description entered when the role or task definition was created.

 

Click the expansion box to the left of a Role Definition to expand this view and display the following details:

Member

Displays the user and group accounts that are assigned as members of the selected role.

Type

Indicates the type of account in the selected role:
Group
User
Application Group
Description

Displays the description from the Members tab of the Authorization Role dialog when the role was created.

* 
NOTE: The cells directly under the main heading rows are used for filtering data. That is, as you enter characters into these cells, the client will redisplay the roles or tasks that meet the search criteria (i.e., comparison operator and characters entered). For more details about using the data filtering function provided throughout the Change Auditor client, see Filter data.
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação