Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Change Auditor 7.4 - SIEM Integration User Guide

Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Managing an IBM QRadar integration Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Managing a Microsoft Sentinel integration
Webhook technical insights

Subscription failover support

If a coordinator detects that the event sending to a SIEM subscription has been consistently failing for a specified period of time, it will try another coordinator that has been specified as an allowed coordinator to send events to a SIEM tool. If the second coordinator successfully sends events to the SIEM subscription, it will continue performing the task.

The following internal events help to keep you informed of any issues:

By default, the failover time period for the coordinator is set to 30 minutes.

Subscription Management

 

Adding the PowerShell module

Change Auditor comes with a PowerShell module for you to use to manage your environment. It is installed when you install the Windows client or a coordinator.

Viewing available commands and help

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating