Chat now with support
Chat with Support

Change Auditor 7.3 - Release Notes

IT Security Search requirements

IT Security Search is a web-based interface that correlates IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. As a Change Auditor customer, you can access IT Security Search from our Autorun and begin to apply its many features.

Table 20. IT Security Search requirements
Component
Supported Versions

IT Security Search supported up to the following versions

IT Security Search 11.4.1

Auditing and permission requirements

Exchange Server auditing
Table 21. Exchange Server auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for Exchange

Exchange Servers supported up to the following versions

Windows Server 2012
Microsoft Exchange Server 2013 CU23
Microsoft Exchange Server 2016 CU23

Windows Server 2012 R2
Microsoft Exchange Server 2013 CU23
Microsoft Exchange Server 2016 CU23

Windows Server 2016
Microsoft Exchange Server 2016 CU23

Windows Server 2019, Windows Server Core 2019
Microsoft Exchange Server 2019 CU12
NOTE: MAPI over HTTP protocol is supported starting from Microsoft Exchange Server 2013 CU8.

For more information

See the Change Auditor for Exchange User Guide.

SQL Server auditing

 
Table 22. SQL Server auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions
Microsoft SQL Server 2014 SP3
Microsoft SQL Server 2016 SP3
Microsoft SQL Server 2017
Microsoft SQL Server 2019
NOTE: Change Auditor supports auditing databases that have row and page compression applied.
NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies.  In this configuration, the agent is not aware of the cluster and only audits the active nodes in the cluster where agents are deployed.
NOTE: Due to a hotfix Microsoft released for SQL Server, Change Auditor agents no longer capture SQL-related events unless the following action is taken on the SQL Server:

Using SQL Server Configuration Manager, add the startup parameter “-T1906” on the Startup Parameters tab in the SQL Server Properties dialog.

This requires a SQL Server service restart.

For more information

See the Change Auditor for SQL Server User Guide.

Exchange Server auditing

Auditing and permission requirements
Exchange Server auditing
Table 21. Exchange Server auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for Exchange

Exchange Servers supported up to the following versions

Windows Server 2012
Microsoft Exchange Server 2013 CU23
Microsoft Exchange Server 2016 CU23

Windows Server 2012 R2
Microsoft Exchange Server 2013 CU23
Microsoft Exchange Server 2016 CU23

Windows Server 2016
Microsoft Exchange Server 2016 CU23

Windows Server 2019, Windows Server Core 2019
Microsoft Exchange Server 2019 CU12
NOTE: MAPI over HTTP protocol is supported starting from Microsoft Exchange Server 2013 CU8.

For more information

See the Change Auditor for Exchange User Guide.

SQL Server auditing

 
Table 22. SQL Server auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions
Microsoft SQL Server 2014 SP3
Microsoft SQL Server 2016 SP3
Microsoft SQL Server 2017
Microsoft SQL Server 2019
NOTE: Change Auditor supports auditing databases that have row and page compression applied.
NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies.  In this configuration, the agent is not aware of the cluster and only audits the active nodes in the cluster where agents are deployed.
NOTE: Due to a hotfix Microsoft released for SQL Server, Change Auditor agents no longer capture SQL-related events unless the following action is taken on the SQL Server:

Using SQL Server Configuration Manager, add the startup parameter “-T1906” on the Startup Parameters tab in the SQL Server Properties dialog.

This requires a SQL Server service restart.

For more information

See the Change Auditor for SQL Server User Guide.

SQL Server Data Level auditing

Table 23. SQL Server Data Level auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions

 
Microsoft SQL Server 2014 SP3
Microsoft SQL Server 2016 SP3
Microsoft SQL Server 2017
Microsoft SQL Server 2019
NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies. In this configuration, the agent only audits the active nodes in the cluster where agents are deployed.
NOTE: Change Auditor SQL Data Level auditing currently only supports auditing databases in Full and Bulk logged recovery models. Minimally logged operations performed in bulk logged recovery model may not produce auditing events. An initial backup is required for both Full and Bulk logged databases before the transaction log can properly support auditing.
NOTE: Encrypted databases are not supported.
NOTE: Change Auditor does not support auditing databases that have row and page compression applied.
NOTE: Agent memory can increase 1.5 GB per audited database.
NOTE: SQL Data Level auditing templates are assigned to an agent when you create the template. Each audited database requires one template assigned to a single agent.

Required permissions

The account specified in the auditing template that is used to access the SQL Server instance must have the following database permissions:
Permission to open a connection to the targeted database.
Read permissions on targeted tables and system tables.
VIEW SERVER STATE permission.
SYSADMIN server role.
CONTROL SERVER permission.

For more information

See the Change Auditor for SQL Server User Guide.

SQL Server Extended Events auditing (Preview)

 
Table 24. SQL Server Extended Events auditing requirements
Component
Supported Versions

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions
Microsoft SQL Server 2014 SP3
Microsoft SQL Server 2016 SP3
Microsoft SQL Server 2017
Microsoft SQL Server 2019
NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies. In this configuration, the agent only audits the active nodes in the cluster where agents are deployed.
NOTE: Encrypted databases are not supported.
NOTE: Change Auditor does not support auditing databases that have row and page compression applied.

Required permissions

User running Change Auditor client must hold the CA Administrator Role, or a custom role that includes the 'View SQL Templates' operation

The specified SQL login account must have the following SQL Server permissions:
Alter any event session
View server state
Connect SQL
View any database

Alternatively, the account must have a SQL server role that contains these permissions, for example 'Sysadmin'.

NOTE:  
If using Windows authentication for the SQL Login account, and the specified agent for the auditing template is not installed on the target SQL server, the agent host computer account must also be added to the SQL Security Logins on the target SQL server with the same permissions requirement as the specified SQL login account for the auditing template.
If using Windows authentication for the SQL Login account, and the agent for the auditing template is installed on the target SQL server, the local computer ‘NT AUTHORITY\SYSTEM' account must be added to the SQL Security Logins on the target SQL server with the “View Server State” permission granted.

Both SQL and Windows authentication are supported.

For more information

See the Change Auditor for Change Auditor PowerShell Command User Guide or the Change Auditor for SQL User Guide for details.

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating