InTrust 11.4.2 - InTrust Reports

Auditing Exchange Servers

All Events (Based on ChangeAuditor for Exchange Data)

All Exchange-related audit events from Windows event logs

This report requires the InTrust Plug-in for Active Directory Service to be installed on domain controllers. This report contains combined Exchange-related information from the InTrust for Exchange event log, the InTrust for AD event log, and the Application log.

Exchange events statistics (Application log only)

This report shows general Exchange event statistics. You can click a number in the report to view a sub-report with details of the events that the number represents.

Configuration Changes (Based on ChangeAuditor for Exchange Data)

Exchange-related configuration object modifications

This report shows changes to the configuration of the Exchange organization in Active Directory. This report requires ChangeAuditor for Active Directory to be installed on domain controllers.

Logons (Based on Windows Logs)

Administrative logons (Security log only)

This InTrust report shows successful and failed logons of all types by the specified privileged users. By default, only the "Admin" and "Administrator" user names are included. Change the filters to include any other privileged users you need. For failed logons, reasons are displayed. The report uses only Security log events.

Failed logons (Security log only)

This InTrust report shows failed logons of all types. Failure reasons are indicated. The report uses only Security log events.

Multiple failed logons (Security log only)

This InTrust report shows patterns where multiple logon failures occurred in a row, possibly indicating a brute-force attack. Detailed information about the logon failures is provided. The report uses only Security log events. Click a number in the Attempts column to view the details of logon failures in a subreport.

Non-network logons (Security log only)

This InTrust report shows successful and failed logons of all types except 'Network'. For failed logons, reasons are displayed. The report uses only Security log events.

Mailbox Access (Based on ChangeAuditor for Exchange Data)

Store operations

This report shows store operations.

Use of Send privileges

This InTrust report helps you monitor how Send permissions are used. Set MS Exchange diagnostics logging for 'Send as' and 'Send on behalf of' on the Exchange server to the minimum level.

Mailbox Logons (Based on ChangeAuditor for Exchange Data)

Logons (Application log only)

This report shows successful MAPI logons to mailboxes in your Exchange environment. The MAPI protocol is used by clients such as Microsoft Outlook. The report helps you find out who uses which personal or shared mailboxes. This report requires MS Exchange diagnostics logging for MSExchangeIS to be set to at least the minimum level on the Exchange server.

Permission Changes (Based on ChangeAuditor for Exchange Data)

Delegate management - brief

This report provides information about delegate assignment, including delegate creation, delegate removal, and changes to permissions granted to delegates via Microsoft Outlook.

Delegate management - detailed

This report provides information about delegate assignment, including delegate creation, delegate removal, and changes to permissions granted to delegates.

Folder permission changes - brief

This report shows changes to folder permissions in mailboxes (client permission changes). The report contains the old and new permission values.

Mailbox permission changes

This report shows details about changes to user mailbox security settings. The report displays Access Control Entries that were added, deleted, or modified in the ACL of the mailbox. The report helps identify which permissions on which mailboxes were granted to or revoked from which accounts. This report requires ChangeAuditor for Active Directory to be installed on domain controllers.

Public folder permission changes

This report shows Folder Permission changes.

Protection Group Configuration (Based on ChangeAuditor for Exchange Data)

Protection group object modifications

This report shows changes to the configuration of the Exchange organization in Active Directory. This report requires ChangeAuditor for Active Directory to be installed on domain controllers.

Summary (Based on ChangeAuditor for Exchange Data)

Mailbox access

This report shows a color-coded summary of all mailbox access events that occurred in your environment. The baseline is configured in a report parameter. From each section you can drill down to a list of changes associated with the selected number. Comparing the actual number within a particular category with the specified baseline can help detect abnormal administrative activity, discover violations, and improve procedures established in the environment.

Mailbox permissions

This report shows a color-coded summary of all mailbox permission change events that occurred in your environment. The baseline is configured in a report parameter. From each section you can drill down to a list of changes associated with the selected number. Comparing the actual number within a particular category with the specified baseline can help detect abnormal administrative activity, discover violations, and improve procedures established in the environment.

Protected groups

This report shows a color-coded summary of all protected group change events that occurred in your environment. The baseline is configured in a report parameter. From each section you can drill down to a list of changes associated with the selected number. Comparing the actual number within a particular category with the specified baseline can help detect abnormal administrative activity, discover violations, and improve procedures established in the environment.

Auditing File Servers

Recent Content Operations (Based on ChangeAuditor for File Servers Data)

Shadow copy modifications

This InTrust report shows details about actions performed with shadow copies. The report contains information about create, delete, and rollback actions.

Activity Research (Based on ChangeAuditor for File Servers Data)

Content Activity Research

This InTrust report shows who gained what type of access to files and folders that ChangeAuditor for Windows File Servers monitors. Data in the report is grouped by file server.

User Activity Research

This InTrust report shows who gained what type of access to files and folders that ChangeAuditor for Windows File Servers monitors. Data in the report is grouped by user, then by file server.

Content Usage Statistics (Based on ChangeAuditor for File Servers Data)

Most accessed objects

This InTrust report shows files and folders for which the largest number of access attempts occurred. The time of the last access attempt is included.

Most active content users

This InTrust report shows statistics for users who access monitored files and folders most actively. The time of the last access attempt is included.

Most modified objects

This InTrust report shows files and folders which were modified the most times. The time of the last modification and the user responsible are displayed.

Objects with most failed access attempts

This InTrust report shows files and folders for which the largest number of failed access attempts occurred.

Top active users per operation

This InTrust report shows statistics for users who access monitored files and folders most actively. The time of the last access attempt is included. Access attempts are grouped by operation.

Users with most failed access attempts

This InTrust report shows users with the largest number of failed attempts to access files and folders that ChangeAuditor for Windows File Servers monitors. The time of the last failed access attempt is included.

EMC Events (Based on ChangeAuditor for File Servers Data)

All ChangeAuditor for EMC events by action

This report shows all events from the ChangeAuditor for EMC log.

All ChangeAuditor for EMC events by IP address

This report shows all events from the ChangeAuditor for EMC log.

Logons (Based on Windows Logs)

Administrative logons (Security log only)

This InTrust report shows successful and failed logons of all types by the specified privileged users. By default, only the "Admin" and "Administrator" user names are included. Change the filters to include any other privileged users you need. For failed logons, reasons are displayed. The report uses only Security log events.

Failed logons (Security log only)

This InTrust report shows failed logons of all types. Failure reasons are indicated. The report uses only Security log events.

Multiple failed logons (Security log only)

This InTrust report shows patterns where multiple logon failures occurred in a row, possibly indicating a brute-force attack. Detailed information about the logon failures is provided. The report uses only Security log events. Click a number in the Attempts column to view the details of logon failures in a subreport.

Non-network logons (Security log only)

This InTrust report shows successful and failed logons of all types except 'Network'. For failed logons, reasons are displayed. The report uses only Security log events.

NetApp Events (Based on ChangeAuditor for File Servers Data)

All ChangeAuditor for NetApp events by action

This report shows all events from the Change Auditor for NetApp log.

All ChangeAuditor for NetApp events by IP address

This report shows all events from the Change Auditor for NetApp log.

Recent Share Operations (Based on ChangeAuditor for File Servers Data)

Recent share operations

This InTrust report shows who recently changed shares and when.

Auditing Workstations

Activity on Workstations (Based on Windows Logs)

Concurrent user logon sessions

This report displays user logon sessions from different computers that overlapped in time. The report uses advanced logon events generated by InTrust agents.

Daily total duration of interactive logon sessions

This report shows how long users' interactive logon sessions lasted each day. The report uses advanced logon events generated by InTrust agents.

Local audit policy changes

This InTrust report shows audit policy changes. Audit policy should be modified by administrative accounts only; otherwise these changes can indicate a security breach. Failure of the administrator to duly perform audit policy management tasks may lead to security violations.

Local group management

This InTrust report shows local group changes. Groups should be created, deleted, or changed by administrators. If the administrator fails to duly perform group management tasks, this may lead to user rights misrule and security violations.

Local group membership management

This InTrust report shows local group membership changes. User accounts should be added to or removed from groups by administrators. If the administrator fails to duly perform group membership management tasks, this may lead to user rights misrule and security violations.

Local user account management

This InTrust report shows changes to local user accounts. User accounts should be created, deleted, enabled, or disabled by administrators. If the administrator fails to duly perform account management tasks, this may lead to account misrule and even security violations.

Logons to workstations

This InTrust report shows successful and failed logons of all types. For failed logons, reasons are displayed. This helps analyze who tried to log on to which computers from which workstations.

Removable media attach-detach by workstation

For correct results, this report relies on the "Workstations: Removable devices attached/detached" real-time monitoring policy and the real-time monitoring rules from the "Use of removable media" folder.

User account lockouts and unlocks by workstation

This InTrust report shows user account lockouts and unlocks. A user account can be locked in accordance with the Account Lockout Policy (as a rule, after an incorrect password is entered several times in a row). Such a situation may mean password-guessing, especially if an administrative account gets locked. Click a user account in the report to view its details.

User logon session duration by day

For each interactive logon session this report shows its start and termination time and how long it lasted. The report uses advanced logon events generated by InTrust agents.

Workstation process tracking

This InTrust report shows whether the applications you specify were started. If an application is prohibited, its launch may indicate a security issue. What is more, running restricted software often means corporate policy violations.

Workstation registry access

This InTrust report shows attempts to access registry keys. Access to some registry keys (particularly the startup keys) may be unwarranted.

Workstation registry value modifications (Windows Vista and later)

This InTrust report shows modifications of registry values on Windows Vista (and later) machines. The report is based on EventID=4657. Note: Some value changes cannot be displayed due to their specific data type.

Workstation software installation

This InTrust report helps track what software products are installed or failed to install on which computers. The report shows only those products whose setup programs use Windows Installer. Using the Grouping filter, you can organize the information as necessary. To see what software was installed on particular computers, use grouping by computer. To find out where certain software products were installed, use grouping by software product.

Logons (Based on Windows Logs)

Administrative logons (Security log only)

This InTrust report shows successful and failed logons of all types by the specified privileged users. By default, only the "Admin" and "Administrator" user names are included. Change the filters to include any other privileged users you need. For failed logons, reasons are displayed. The report uses only Security log events.

Failed logons (Security log only)

This InTrust report shows failed logons of all types. Failure reasons are indicated. The report uses only Security log events.

Multiple failed logons (Security log only)

This InTrust report shows patterns where multiple logon failures occurred in a row, possibly indicating a brute-force attack. Detailed information about the logon failures is provided. The report uses only Security log events. Click a number in the Attempts column to view the details of logon failures in a subreport.

Non-network logons (Security log only)

This InTrust report shows successful and failed logons of all types except 'Network'. For failed logons, reasons are displayed. The report uses only Security

Reports for ACS

This section contains a list of reports intended for viewing via the Microsoft System Center Operations Manager console. They are based on data from the Windows security log that is collected using Audit Collection Services (ACS) and then stored in the InTrust Audit database for analysis and reporting.

The special 'InTrust for ACS management pack deployment status' report displays the status of Quest InTrust for ACS Management Pack deployment to Operations Manager agents.

Reports for Operations Manager Console

Computer accounts changes

This InTrust report shows computer account changes. Computer accounts should be created, deleted, renamed, or changed by administrative accounts only. If the administrator fails to duly perform computer account management tasks, this may lead to security violations.

Domain Trusts Changes

This InTrust report shows domain trust changes. Domain trusts should be added, removed, or modified by administrative accounts only. If the administrator does not duly perform domain trust management tasks, this may lead to security violations.

File Access

This InTrust report shows file access attempts. Access to certain files may be unwarranted.

Group Management

This InTrust report shows group changes. Groups should be created, deleted, or changed by administrators. If the administrator fails to duly perform group management tasks, this may lead to user rights misrule and security violations.

Group Policy Object access

This InTrust report shows Group Policy object access attempts. Access to this type of object may be unwarranted. Such events often indicate changes to the policies, and they need to be tracked. Note: This report is based on object access events from the Security log.

InTrust for ACS management pack deployment status

This report displays the status of Quest InTrust for ACS Management Pack deployment to Operations Manager agents (ACS-forwarders). The Management Pack complements ACS database records with the information required to comply with the InTrust repository and Audit database format.

Logon activity trends

This InTrust chart graphically represents logon activity in your network, visualizing, for example, statistics for logons that failed due to different reasons (for example, bad password, disabled user account, etc.). The chart allows you to detect trends in logon activity and analyze anomalies.

Logon Statistics

In the Windows environment different logon types are registered by the system depending on what kind of resource a user accesses. This InTrust report shows all logon types such as interactive logons to domains, access to shared folders, dial-up connections to the network, and so on, and groups logon statistics.

Password resets

This InTrust report shows when account passwords were reset and who reset them. An entry in the report means that the password was either reset or changed. By default, only user accounts are included, but you can use the User Accounts filter if you want to include computer accounts as well.

User Accounts Management

This InTrust report shows changes to user accounts. User accounts should be created, deleted, enabled, or disabled by administrators. If the administrator fails to duly perform account management tasks, this may lead to account misrule and even security violations.

User rights management

This InTrust report shows changes to user rights. User rights should be assigned or removed by administrators. If the administrator fails to duly perform user rights management tasks, this may lead to user rights misrule and security violations.
