Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

InTrust 11.3 - InTrust Reports

Security

Advanced Forensic Analysis

Security Subsystem Faults

Audit subsystem faults

This InTrust report displays information on problems with Microsoft IIS logging. This data helps examine audit subsystem health of specified servers.

Suspicious Activity

Published Resources Access

FTP site detailed access analysis

  • This InTrust report helps perform detailed analysis of FTP events.

Web site detailed access analysis

  • This InTrust report helps perform detailed analysis of HTTP events.

Suspicious Requests

FTP site failed logons

  • This InTrust report shows all failed FTP logons. Numerous FTP logon failures may indicate intrusion attempts.

Web site all requests

  • This Intrust report displays general information related to the Web requests.

Common Security Incidents

Gaining Privileged Access

Administration web sites access attempts

This InTrust report shows attempts to gain access to administration sites from the Web. An administration Web site can usually be accessed on port 5466. Normally, access is allowed only from the local host, so access attempts from the Web can indicate unauthorized access.

Administrative folders access attempts

Administrative folders are critical resources, because they allow gaining access to server management. This InTrust report enables you to monitor administrative folder access attempts performed from the Web.

Gaining User Access

FTP site daily failed logons [chart]

This InTrust chart presents statistics on failed attempts to log on to an FTP server. Multiple FTP server logon attempts displayed as graph spikes may indicate a brute force attack.

Multiple Failed FTP Server Logon Attempts detailed

Multiple failed FTP server logon attempts may indicate a brute force attack. This InTrust report shows detailed information on each session all requests, date and time, client IP and server where the user tried to log on.

Web site daily failed logons [chart]

This InTrust chart displays failed Web server access events. Spikes in the graph indicate abnormal numbers of errors. Peaks might indicate Denial of Service attacks against the server. The X-axis represents time, and the Y-axis represents the number of events.

Web Site Usage

Clients

Web site daily unique visitors [chart]

This InTrust chart graphically shows the number of new visitors who have visited a Microsoft Internet Information Server web site for each day over a specified period of time.

Web site most active clients

This InTrust report lists the specified number of most active Microsoft IIS web site visitors. For each client the following information is provided: IP address, name resolution, country and the number of hits over a specified period of time.

Web site visits per client [chart]

This InTrust chart graphically shows the frequency of visits for all Microsoft Internet Information Server web site clients. This information can be used to determine the percentage of users that visit the site repeatedly.

Diagnostics

Web site failed access statistics [chart]

This InTrust chart shows Microsoft Internet Information Server errors. A large number of certain types of errors may reveal suspicious activity, or indicate potential problems

Web site unauthorized access attempts by client IP

This InTrust report provides information on unauthorized access attempts of Web resources grouped by visitor IPs.

Web site unauthorized access attempts by resource

This InTrust report provides information on unauthorized access attempts of web resources grouped by resource name.

Referrals

Web site access by referring sites [chart]

This InTrust chart provides statistics on access to a web site from referring sites.

Traffic

WEB site daily traffic [chart]

This InTrust chart provides statistics on web site daily traffic (in Kbytes) for the specified date.

Web site total statistics

This InTrust report provides aggregate statistics for Microsoft Internet Information Server WWW.

Oracle Reports

This section contains a list of reports included in the InTrust11.3 Report Pack for Oracle.

Administrative users audit

Administrative users activity [Unix]

This InTrust report shows the results of administrative users activity auditing. The report displays Oracle host and instance to which the user was connected, action date and time, user name and privilege, action taken, and action return code.

Administrative users activity [Windows]

This report shows the results of administrative users activity auditing. The report displays Oracle host and instance to which the user was connected, action date and time, user name and privilege, action taken, and action return code.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating