Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Custom Active Directory attribute auditing

Previous Next

Custom Active Directory attribute auditing

To define custom attribute auditing:
1
Open the Administration Tasks tab.
2
Click Auditing.
3
Select Attributes under Active Directory in the Auditing task list.
4
Select an object class from the list located across the top of this page. (This list box contains the default object classes and the object classes selected on the Active Directory Auditing page.)

Selecting an entry in this list will populate the lists across the bottom of the dialog with the applicable attributes.

If your current installation includes a foreign forest, the Select Foreign Forest dialog opens where you can select the required forest.

5
In the Unmonitored Attribute list, located in the lower left pane of this page, select one or more attributes and click Add to select them for auditing.

You can also double-click an attribute to select it for auditing or ‘drag and drop’ it into the Monitored Attribute list.

6
To change the severity level assigned to an attribute, in the right-hand list box, place your cursor in the Severity cell and use the drop-down arrow to select the severity you want to assign to the selected attribute.
7
To remove an attribute from auditing, select the attribute from the right-pane and click Remove. This moves the selected attribute back into the Unmonitored Attribute list.

You can also double-click an attribute to remove it from auditing or ‘drag and drop’ it back into the Unmonitored Attribute list.

8
Once you have selected at least one attribute for auditing, the associated Monitored Attributes column in the list box across the top of this page will display the number of attributes selected for auditing. This value will also be displayed in the Monitor Attributes column back on the Active Directory Auditing page.

 

Member of Group Auditing

Previous Next

Member of Group Auditing
Introduction
Member of Group Auditing page
Member of Group auditing list
Member of Group Auditing wizard

Introduction

Previous Next

Introduction

Member of Group auditing allows you to audit specific users based on their group membership.

* 
IMPORTANT: By default, Change Auditor monitors the user object class at the enterprise level. To limit the scope of users who will be audited, delete the user object class from the Active Directory Auditing page. Then use the Member of Group Auditing page to define the users to be audited.

The Group Membership Expansion pane on the Coordinator Configuration page (Administration Tasks tab) allows you to define and schedule the expansion of nested membership of the Active Directory groups defined on the Member of Group Auditing page. See the Quest Change Auditor User Guide for more information on defining group membership expansion behavior.

Member of Group Auditing page

Previous Next

Member of Group Auditing page

The Member of Group Auditing page is displayed when you select Member of Group from the Auditing task list in the navigation pane of the Administration Tasks page. Member of Group auditing allows you to meet your auditing requirements by specifying the users to be audited based on their group membership.

This page list the groups whose users are to be audited based on their group membership. To add a group to this list, use the Add tool bar button. Once added, the following information is displayed:

* 
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Quest Change Auditor User Guide for more information on how to gain access.
Group

Displays the name of the group.

Display Name

If applicable, this column shows the display name assigned to the groups listed.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating