
Change Auditor 7.2 - Built-in Reports Reference Guide

6801 – Protection of Non Public Personal Information | 6801(a) – Privacy Obligation Policy

(Executive Summary) - 6801(a) Formal Mechanisms for Processing Records

A summary report containing events from all of the following reports.

6805 – Enforcement | 6805(b) – Enforcement of Section 6801

(Executive Summary) - 6805(b) Enforcement of Section 6801

A summary report containing events from all of the following reports.

6805(b) – Detailed list of Change Auditor agent modifications
Who = All Users
What = Agent Service Has More Than 100 Events Waiting; Agent Service Has Reached a Critical Load; Agent Service Has Returned to Normal Operations; Change Auditor Agent Disconnected; Change Auditor Agent Uninstalled; Change Auditor Agent Connected
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of Change Auditor Internal Controls modifications
Who = All Users
What = Change Auditor Internal Auditing facility
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of critical group membership modifications
Who = All Users
What = Nested Member Added to Critical Enterprise Group; Nested Member Removed from Critical Enterprise Group; Member Added to Critical Enterprise Group; Member Removed from Critical Enterprise Group
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of file system permission modifications
Who = All Users
What = File Access Rights Changed; Folder Access Rights Changed; Local Share Permissions Changed; SYSVOL Folder Access Rights Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of GPO modifications
Who = All Users
What = Group Policy Item facility; Group Policy Object facility
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of interactive login policy modifications
Who = All Users
What = Interactive Logon: Message Title for Users Attempting to Log On Changed; Interactive Logon: Do Not Require CTRL+ALT+DEL Policy Changed; Interactive Logon: Message Text for Users Attempting to Log On Policy Changed; Interactive Logon: Do Not Display Last User Name Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

6805(b) – Detailed list of security log modifications
Who = All Users
What = Audit Account Logon Events Policy Changed; Audit Account Management Policy Changed; Audit Directory Service Access Policy Changed; Audit Logon Events Policy Changed; Audit Object Access Policy Changed; Audit Policy Change Policy Changed; Audit Privilege Use Policy Changed; Audit Process Tracking Policy Changed; Audit System Events Policy Changed; Audit: Audit the Access of Global System Objects Policy Changed; Audit: Audit Use of Backup and Restore Privilege Policy Changed; Audit: Shut Down System Immediately if Unable to Log Security Audit Policy Changed; Security Audit Log Rolled Over; Crash on Audit Fail Policy Changed; Shut Down The Computer When The Security Audit Log is Full Policy Changed
Where = All sources
When = Last 7 days
Origin = All workstations/servers

GDPR

Administrative Control

Messaging\Skype for Business
- All member changes in Skype for Business administration groups in the last 7 days
Who = All Users
What = Member added to Skype for Business administration group, Member removed to Skype for Business administration group
Where = All sources
When = Last 7 days
Origin = All workstations/servers