Chat now with support
Chat with Support

Change Auditor Threat Detection 7.0.2 - Deployment Guide

Deploying Threat Detection
Introduction to Change Auditor Threat Detection
Who should have input on the deployment plan?
Components and workflow
Requirements and prerequisites
Events to configure
Deploying a Threat Detection server on ESX
Deploying a Threat Detection server on Hyper-V
Upgrading the Threat Detection server
Creating a Threat Detection configuration
Reviewing configuration status
Removing a configuration
Maintaining the Change Auditor database size
Historical events and your baseline calculations

Introduction to Change Auditor Threat Detection

To protect your data and your business, Change Auditor Threat Detection uses advanced machine learning, user and entity behavioral analytics (UEBA), and SMART correlation technology to spot anomalous activity and identify the highest risk users in your environment. The users with the highest risk scores are then highlighted in the Threat Detection dashboard, enabling you to prioritize your response and adjust policies to strengthen your organization’s security and regulatory enforcement.

For details about using the Threat Detection dashboard see the Change Auditor Threat Detection User Guide.

This guide gives information about how Change Auditor integrates with the Threat Detection server to process event data. It is intended for administrators who are responsible for the implementation, deployment, and monitoring of the Change Auditor Threat Detection deployment and configuration.

Who should have input on the deployment plan?

A complete deployment plan requires the combined effort of the resources within your organization who are responsible for information security, such as:
Chief Information Security Officers who understand the complexities of the enterprise’s IT infrastructure and are responsible for the overall handling of key vulnerabilities. Change Auditor provides data to help them deliver security updates and communications.
Security architects who are responsible for building and overseeing the implementation of the network’s security measures. They need to define the threat priorities for their environment.
Database and network administrators who are responsible for the implementation, deployment, and monitoring of the Change Auditor Threat Detection configuration.
Auditors and network administrators who are responsible for reviewing the potential threats, optimizing the system by inputting feedback, and prioritizing and investigate the most serious threats.

Components and workflow

Change Auditor sends events in real time to the Threat Detection server to be used for analysis based on calculated user behavior baselines.

See the Change Auditor Threat Detection User Guide for details on Threat Detection concepts and terms.

To enable Threat Detection:

1
Apply the required licenses. (Change Auditor Threat Detection and any required Change Auditor auditing modules.) If you are using more than one coordinator, apply the license to all of them. To verify that a license is applied, right-click the coordinator icon in the system tray and select Licensing.
2
Configure required events for Threat Detection. See Events to configure.
3
Deploy the Threat Detection server on a virtual computer. See Deploying a Threat Detection server on ESX and Deploying a Threat Detection server on Hyper-V.
4
Configure Change Auditor to send collected event data to the Threat Detection server. See Creating a Threat Detection configuration.
5
Login to the Threat Detection dashboard to see the alerts and data. See the Threat Detection User Guide for information about navigating the dashboard and using the data to secure your environment.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating