Recovery Manager for Active Directory performs Active Directory recovery at any level: from individual objects and attributes to entire domains and, in the case of Recovery Manager for Active Directory Forest Edition, even Active Directory forests. IT Security Search lets you track recovery-related activity. Enabling the Recovery Manager for Active Directory data link makes it possible to list available backup states and restore objects to any of them.
NOTE: You cannot perform forest-level recovery from IT Security Search.
To start configuring the Recovery Manager for Active Directory data link, select the Connector enabled option. To set up the connection to Recovery Manager for Active Directory, configure the following:
For up-to-date details about the permissions required for access to Recovery Manager for Active Directory, see the Recovery Manager for Active Directory Deployment Guide.
To make sure that you have specified a valid account or accounts, click the Test connection link. This verifies that the credentials are valid and suitable for running searches. However, it does not ensure that the Active Directory access account can perform recovery operations.
Active Roles simplifies and streamlines creation and ongoing management of user accounts, groups and other objects in Active Directory. Generally, whenever you are looking for an answer to the question “What is known about this user or group?” in IT Security Search, the data can be provided by Active Roles.
Active Roles brings information about the following:
To start configuring the Active Roles data link, select the Connector enabled option. To set up the connection to the Active Roles server, configure the following settings:
To verify that your Active Roles server access works, click the Test Connection link.
Finally, click Apply.
Caution: For the connection to the Active Roles server to work, make sure that port 15172 is open for both inbound and outbound traffic on that server.
Management history synchronization between IT Security Search and Active Roles does not happen directly. IT Security Search uses its own “warehouse” component as an intermediary data store. The first synchronization can take a long time, because all available history has to be processed. After that, synchronization involves only the most recent data.
The Splunk connector retrieves searchable data from Splunk.
The connector has the following minimal configuration options:
One additional setting that you may want to configure is the number of retrieved Splunk results. By default, Splunk returns 50,000 objects, whereas IT Security Search shows 100,000 per page. To make these limits consistent, take the following steps:
A predefined Splunk-to-IT Security Search field mapping is provided out of the box. If you find that this mapping doesn't suit you, call Quest Support. This will help improve Splunk integration for you and everyone else.
IT Security Search 11.5.1 contains an early implementation of support for retrieval of forwarded Change Auditor data in the Warehouse connector. This feature preview is provided as-is, so that you can try it out, give us feedback and help us make it more useful in a future release.
First, make sure the ITSS.Warehouse service is running on your IT Security Search server. This is required for a successful Change Auditor subscription.
To make Change Auditor push audit data to Warehouse, run the CreateCAITSSEventSubscription.ps1 PowerShell script, which is located in the <Change Auditor installation folder>\Client\PowerShell Sample Scripts folder on your Change Auditor coordinator. This will start a multi-step configuration procedure in the command prompt, where you will need to specify the settings for your particular environment.
The following are examples of values that you can supply for some of the prompts:
NOTES: To find out which port is used, check the HKEY_LOCAL_MACHINE\SOFTWARE\Quest\IT Security Search Warehouse API\ListenPort registry value on the IT Security Search server. To see whether HTTPS is used instead of HTTP, check the HKEY_LOCAL_MACHINE\SOFTWARE\Quest\IT Security Search Warehouse API\ListenScheme registry value.
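The checks described above (service running, listen port, listen scheme) can be gathered in one pass on the IT Security Search server before you answer the subscription script's prompts. The following PowerShell is an added example, not a script shipped with the product. It assumes that "ITSS.Warehouse" matches the service name or display name and that ListenScheme holds the literal value http or https; the function name Get-WarehouseListenerState is hypothetical.

```powershell
# Added example: pre-flight check to run on the IT Security Search server
# before starting CreateCAITSSEventSubscription.ps1 on the coordinator.
$keyPath     = 'HKLM:\SOFTWARE\Quest\IT Security Search Warehouse API'  # key named in the note above
$serviceName = 'ITSS.Warehouse'  # assumption: matches the service name or display name

function Get-WarehouseListenerState {
    param([string]$KeyPath, [string]$ServiceName)

    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }
    $settings = Get-ItemProperty -Path $KeyPath
    if ($null -eq $settings.ListenPort) {
        throw "ListenPort value is missing under $KeyPath"
    }

    # Match on either name, because the page does not say which one it quotes.
    $service = Get-Service | Where-Object {
        $_.Name -eq $ServiceName -or $_.DisplayName -eq $ServiceName
    } | Select-Object -First 1

    # Confirm that something is actually bound to the configured port.
    $port      = [int]$settings.ListenPort
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ServiceStatus = if ($service) { $service.Status } else { 'NotFound' }
        ListenScheme  = $settings.ListenScheme
        ListenPort    = $port
        PortListening = $listening
    }
}

$state = Get-WarehouseListenerState -KeyPath $keyPath -ServiceName $serviceName
$state | Format-List

if ($state.ServiceStatus -ne 'Running') {
    Write-Warning 'Warehouse service is not running; the Change Auditor subscription will not succeed.'
}
if (-not $state.PortListening) {
    Write-Warning "Nothing is listening on TCP port $($state.ListenPort)."
}
if ($state.ListenScheme -ne 'https') {
    # Assumption: the value is the literal string 'http' or 'https'.
    Write-Warning 'ListenScheme is not https; forwarded audit data will cross the network unencrypted.'
}
```

The ListenScheme and ListenPort values in the output are the ones to supply when the subscription script prompts for the Warehouse endpoint.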
The following additional scripts are also provided to let you manage your IT Security Search subscriptions: