
InTrust 11.3 - System Requirements

Supported Platforms

Microsoft Windows Events

InTrust provides auditing and real-time monitoring facilities for the following logs in Windows event log format:

  • Windows Security Log
  • Windows System Log
  • Windows Application Log
  • Categorized event logs in the Application and Services Logs container
  • Windows Directory Service Log
  • Windows DNS Server Log
  • Windows File Replication Service Log
  • Active Roles Server Log (EDM Server Event Log)
  • InTrust for MIIS Log
  • InTrust Server Log
  • Custom data source of "Windows Event Log" type

Server side:

  • InTrust Server

Processed computer:

Architecture

  • x64
  • x86 where applicable

Operating System

Any of the following:
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows 8
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 7

Additional Software and Services

  • For data gathering without agents: Remote Registry Service
Rights and permissions for gathering without agents:
  • Access this computer from the network right.
  • Deny access to this computer from network right must be disabled.
  • Manage auditing and security log right to gather events from the Security log; members of the local Administrators group have this right by default.
  • Starting with Windows Server 2008, the Network access: Remotely accessible registry paths and sub-paths policy must be enabled, and the following registry paths must be added to it:
    • Software\Microsoft\Windows NT\CurrentVersion
    • System\CurrentControlSet\Services\EventLog
    • System\CurrentControlSet\Control\TimeZoneInformation
  • Starting with Windows Server 2008, to make the Security log accessible for gathering using a specific account, this account must have the Read permission on the HKLM\CurrentControlSet\Services\EventLog\Security registry key.
  • Starting with Windows Vista, if the Windows firewall is enabled, the "Remote Event Log Management" exception should be added to its configuration. Otherwise, the Category field is not resolved in the gathered events.
  • To clear logs after gathering: membership in the local Administrators group and an open Admin$ share.
  • To permit agentless gathering of logs in the Application and Services Logs container, enable Remote Event Log Management in the list of allowed programs and features in Windows Firewall configuration.
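
A read-only check of three of the agentless-gathering prerequisites listed above, run on the processed computer. This is an added example, not part of the InTrust documentation or product. It assumes Windows 8 / Windows Server 2012 or later (for Get-NetFirewallRule), an English display language for the firewall group name, and that the policy's path list is stored in the AllowedPaths\Machine registry value. User-rights assignments are not checked.

```powershell
# Added example: checks prerequisites for agentless event log gathering locally.
# Run in an elevated session; nothing is modified.
$requiredPaths = @(
    'Software\Microsoft\Windows NT\CurrentVersion',
    'System\CurrentControlSet\Services\EventLog',
    'System\CurrentControlSet\Control\TimeZoneInformation'
)

function Test-RemoteRegistryService {
    # The service may be trigger-started, so "not disabled" is the pass criterion.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'Remote Registry service'
        Passed = ($null -ne $svc -and $svc.StartType -ne 'Disabled')
        Detail = if ($svc) { "Status=$($svc.Status), StartType=$($svc.StartType)" } else { 'service not found' }
    }
}

function Test-AllowedRegistryPaths {
    # Backing store of "Network access: Remotely accessible registry paths and sub-paths".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths'
    $configured = @((Get-ItemProperty -Path $key -Name Machine -ErrorAction SilentlyContinue).Machine)
    $missing = @($requiredPaths | Where-Object { $configured -notcontains $_ })
    [pscustomobject]@{
        Check  = 'Remotely accessible registry paths and sub-paths'
        Passed = ($missing.Count -eq 0)
        Detail = if ($missing.Count) { 'missing: ' + ($missing -join '; ') } else { 'all required paths present' }
    }
}

function Test-EventLogFirewallGroup {
    # Only relevant when Windows Firewall is enabled on the processed computer.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    $enabled = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })
    [pscustomobject]@{
        Check  = 'Remote Event Log Management firewall exception'
        Passed = ($rules.Count -gt 0 -and $enabled.Count -eq $rules.Count)
        Detail = "$($enabled.Count) of $($rules.Count) inbound rules enabled"
    }
}

# Collect all results in one table; any row with Passed = False needs attention.
@(Test-RemoteRegistryService; Test-AllowedRegistryPaths; Test-EventLogFirewallGroup) |
    Format-Table -AutoSize -Wrap
```
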
Rights and permissions for gathering with agents and real-time monitoring:

The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:

  • Manage auditing and security log right is required to gather events from the Security event log.

Note: For more information about job and task accounts, see the Understanding Jobs and Tasks topic and Minimal Rights and Permissions Required for InTrust Operations.

Microsoft IIS Events

Server side:

  • InTrust Server
  • Microsoft IIS Administrative Components for data gathering without agents

Processed computer:

Architecture
  • x64
  • x86 where applicable
Microsoft Internet Information Services 7.0 or later
Additional Software and Services
  • For data gathering without agents: Remote Registry Service
  • For data gathering with agents: Microsoft IIS Administrative Components
  • For executing response action scripts: Microsoft Windows Script Host 5.6 or later
  • For gathering IIS 7.0 logs: the IIS 6 Metabase Compatibility role service (Management Tools | IIS 6 Management Compatibility | IIS 6 Metabase Compatibility in the IIS role service tree) must be installed

Notes:

  • Monitoring of IIS 7.0 FTP logs is not supported; gathering of IIS 7.0 FTP logs with the Create agent-side audit log backup option turned on is not supported.
  • On 64-bit architectures, IIS must be running in 32-bit mode.
Rights and permissions for data gathering without agents:
  • Access this computer from the network right
  • Deny access to this computer from network right must be disabled
  • Membership in the local Administrators group
  • Membership in the local Site Operators group
  • Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key
  • Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language registry key
  • Read and List Folder Contents permissions on log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for data gathering with agents:

The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:

  • Membership in the local Site Operators group
  • Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key
  • Read and List Folder Contents permissions to log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for real-time monitoring:

The InTrust agent account must have the following privilege if the agent is not running under the LocalSystem account:

  • Membership in the Site Operators group

Note: For more information about job and task accounts, see the Understanding Jobs and Tasks topic and Minimal Rights and Permissions Required for InTrust Operations.

Microsoft Forefront Threat Management Gateway and ISA Server Events

Server side:

  • InTrust Server
  • Microsoft ISA Administrative Components for data gathering without agents

Processed computer:

Architecture
  • x86
Microsoft Forefront Threat Management Gateway or ISA Server
Any of the following:
  • Forefront Threat Management Gateway 2010 (gathering without agents is not supported)
  • ISA Server 2006 (gathering without agents is not supported)
  • ISA Server 2004 (gathering without agents is not supported)
Additional Software and Services
  • For data gathering with agents: Microsoft ISA Administrative Components
Rights and permissions for data gathering with agents:

The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:

  • Read permission to the server (or server array) configuration
  • Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key
  • Read and List Folder Contents permissions to log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Requirements for gathering Threat Management Gateway logs in SQL Server Express format without agents:
  • RPC connections to the Threat Management Gateway server must be allowed.
  • The SQL Server instance named "MSFW" on the Threat Management Gateway server must be made remotely available.
  • The Microsoft TMG Management Console must be installed on the InTrust server.

Note: For more information about job and task accounts, see the Understanding Jobs and Tasks topic and Minimal Rights and Permissions Required for InTrust Operations.
