Chat now with support
Chat with Support

Change Auditor 7.4 - SIEM Integration User Guide

Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Managing an IBM QRadar integration Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Managing a Microsoft Sentinel integration
Webhook technical insights

Subscription failover support

If a coordinator detects that the event sending to a SIEM subscription has been consistently failing for a specified period of time, it will try another coordinator that has been specified as an allowed coordinator to send events to a SIEM tool. If the second coordinator successfully sends events to the SIEM subscription, it will continue performing the task.

The following internal events help to keep you informed of any issues:

By default, the failover time period for the coordinator is set to 30 minutes.

Subscription Management


Adding the PowerShell module

Change Auditor comes with a PowerShell module for you to use to manage your environment. It is installed when you install the Windows client or a coordinator.

Viewing available commands and help


Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating