Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Welcome to Change Auditor Help

Previous Next

Welcome to Change Auditor Help

The Quest Change Auditor help system has been prepared to assist you in becoming familiar with Change Auditor. It is intended for network administrators, consultants, analysts, and any other IT professionals using the product.
The Change Auditor Core Functionality book explains the core functionality available in Change Auditor regardless of the product license that has been applied.
The Microsoft 365 and Microsoft Entra ID Auditing book contains information on auditing Microsoft 365 Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Entra ID.
The Change Auditor for Active Directory book contains information about the additional features that are available when a valid Change Auditor for Active Directory license has been applied.
The Change Auditor for Active Directory Queries book contains the additional features that are available when a valid Change Auditor for Active Directory Queries license has been applied.
The Change Auditor for Authentication Services book contains information about Authentication Services auditing.
The Change Auditor for Defender book contains information about Defender auditing.
The Change Auditor for EMC book contains installation and configuration information as well as details about the additional features that are available when a valid Change Auditor for EMC license has been applied.
The Change Auditor for Exchange book contains information about the additional features that are available when a valid Change Auditor for Exchange license has been applied.
The Change Auditor for Logon Activity book contains information about the additional features that are available when a valid Change Auditor for Logon Activity User and/or Change Auditor for Logon Activity Workstation license has been applied.
The Change Auditor for NetApp book contains installation and configuration information as well as details about the additional features that are available when a valid Change Auditor for NetApp license has been applied.
The Change Auditor for SharePoint book contains installation and configuration information as well as details about the additional features that are available when a valid Change Auditor for SharePoint license has been applied.
The Change Auditor for SQL Server book contains information about the additional features that are available when a valid Change Auditor for SQL Server license has been applied.
The Change Auditor for Windows File Servers book contains information about the additional features that are available when a valid Change Auditor for Windows File Servers license has been applied.
The Change Auditor PowerShell Command Guide book contains information about the available Microsoft PowerShell commands that you can use to manage your Change Auditor deployment.
The Change Auditor SIEM Integration Guide book describes the configuration required to implement an integration with third-party tools.
The Change Auditor Threat Detection Deployment Guide book gives information about how Change Auditor integrates with the Threat Detection server to process event data. It is intended for administrators who are responsible for the implementation, deployment, and monitoring of the Change Auditor Threat Detection deployment and configuration.
The Change Auditor Threat Detection User Guide book gives information about the Threat Detection dashboard functions and capabilities for IT and security analysts. It is also relevant to chief information security officers, security architects, network administrators, and auditors responsible for information security in large organizations who need to understand the functionality and abilities made possible using the solution.
The Change Auditor Dialogs book describes the information/controls on a dialog as well as the expected input. These dialog descriptions are displayed when you click the help button (or F1) on a dialog within the Change Auditor Client.
The About Us book contains contact information for the company headquarters and technical support.

 

Change Auditor Core Functionality

Previous Next

Change Auditor Core Functionality

The Change Auditor Core Functionality book explains the functionality available in Change Auditor regardless of the product license that has been applied.

Change Auditor Core Functionality

Previous Next

Change Auditor Core Functionality

The Change Auditor book explains the core functionality available in Change Auditor regardless of the product license that has been applied. It is intended for network administrators, consultants, analysts, and any other IT professionals using the product. It contains the following topics:
Change Auditor Overview: This section introduces Change Auditor and all of the available auditing modules.
Change Auditor Client Overview: This section provides instructions on how to start the Change Auditor client, manage connection profiles, as well as an overview of Change Auditor client components and how to customize the content displayed.
Agent Deployment: This section provides a description of the Deployment page which is used to deploy Change Auditor agents. It also provides instructions for deploying agents, changing advanced options, enabling auto deployment, and refreshing or clearing the Deployment page information.
Overview Page: This section provides a description of the Overview page which provides a real-time stream of events based on a ‘favorite’ search definition.
Searches: This section provides a description of the Searches page which contains a list of the searches available.
Search Results and Event Details: This section provides a description of the Search Results page which contains a list of the events returned as a result of a search query.
Custom Searches and Search Properties: This section provides a description of the Search Properties tabs and how to use these tabs to define custom searches.
Enable Alert Notifications: This section provides a description of the Alert tab (Search Properties tabs) and instructions on how to enable/disable alert notifications.
Administration Tasks: This section provides basic instructions for using the Administration Tasks tab to perform a variety of administration tasks.
Agent Configurations: This section provides a description of the Agent Configuration page (Administration Tasks tab) which is used to define and assign agent configurations.
Coordinator Configuration: This section provides a description of the Coordinator Configuration page (Administration Tasks tab) which is used to configure email notifications and define group membership expansion.
Purging and Archiving your Change Auditor Database: This section provides a description of the scheduled purging feature, including the Purge Jobs page (Administration Tasks tab) and Purge Job wizard which is used to define the criteria and schedule for a purge job.
Working with Private Alerts and Reports: This section provides a description of the disable private alert/report feature, including the Private Alerts and Reports page and instructions on how to disable private alerts/reports from the Administration Tasks tab
Generate and Schedule Reports: This section provides a description of the reporting feature and instructions on how to generate reports using the Change Auditor client and a description of the Report Layouts page (Administration Tasks tab) and Report tab (Search Properties tabs) which are used to define the layout and distribution of a report.
Change Auditor User Interface Authorization: This section provides a description of the User Interface Authorization page (Administration Tasks tab) which is used to define who is authorized to use the various Change Auditor client features.
Enable/Disable Event Auditing: This section provides a description of the Audit Event page (Administration Tasks tab) which is used to enable/disable event auditing and modify an event’s severity level or description.
Account Exclusion: This section provides a description of the Excluded Accounts page (Administration Tasks tab) which is used to define individual accounts to exclude from Change Auditor auditing.
Registry Auditing: This section provides a description of the Registry Auditing page (Administration Tasks tab) which is used to define the registry keys and events to audit.
Service Auditing: This section provides a description of the Service Auditing page (Administration Tasks tab) which is used to specify the system services to audit.
Agent Statistics and Logs: This section provides a description of the Agent Statistics page as well as the Agent System tray component.
Coordinator Statistics and Logs: This section provides a description of the Coordinator Statistics page as well as the Coordinator System tray component.
Change Auditor Commands: This section provides a brief description of the commands available throughout the Change Auditor client.
Change Auditor Email Tags: This section describes the email tags that can be used to customize your email alerts.

 

Change Auditor Overview

Previous Next

Change Auditor Overview

Change Auditor provides total auditing and security coverage for your enterprise network. Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made the change including the IP address of the originating workstation, where and when it occurred along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day modifications.
Audit critical changes across your enterprise including Active Directory, Microsoft Entra ID, Microsoft 365 Exchange Online\SharePoint Online\OneDrive for Business, Exchange, Windows File Servers, NetApp, EMC, SQL Server, and SharePoint.
Collect user login and log out activity for regulatory compliance and user activity tracking.
Automate ongoing compliance with tracking and reporting for compliance initiatives such as SOX, PCI-DSS, HIPAA, FISMA, GLBA, and more.
Speed troubleshooting through real-time insight into changes with a comprehensive audit library including built-in audit alerts, reports, and powerful searches.
Proactively protect (lock down) critical Active Directory objects, Exchange mailboxes, and Windows files and folders from harmful changes that could open security holes or cause resources to become unavailable.
Modular approach allows separate product deployment and management for key environments including Active Directory, Exchange, Windows File Servers, NetApp, EMC, SQL Server, Active Directory Queries, SharePoint, and Logon Activity,.
Track, audit, report, and alert on critical changes made using Safeguard Authentication Services and Quest Defender.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating