What are the new features and what has been resolved in Change Auditor 7.0.3?
解决办法
New Features:
Change Auditor and On Demand Audit integration:
Quest On Demand Audit is a Software as a Service (SaaS) application, available through quest-ondemand. com that provides extensive, customizable auditing of critical activities and detailed alerts about vital changes taking place in Microsoft Office 365 and Azure Active Directory. By integrating with Change Auditor and sending Active Directory event data, you can gain visibility to on premises changes (including events gathered up to 30 days prior to installing or upgrading Change Auditor 7.0).
Azure Active Directory and Office 365 enhancements:
Events added that track changes to calendar delegation, group membership in SharePoint Online, folder permissions in online mailboxes, inbox rules for online mailboxes, and file synchronizations between OneDrive for Business and a local OneDrive folder
Ability to specify the generic events to exclude from auditing based on their operations. (The Office 365 OneDrive for Business event, Office 365 SharePoint Online event, and Office 365 Exchange Online event are generic dynamically constructed events created when associated activity is detected that does not have a corresponding event defined in Change Auditor.)
Ability to search on the group membership changes for SharePoint Online and OneDrive by specifying the group or member as the search criteria
Ability to search both target and subject (secondary target) display names using additional event columns (Azure - Subject Sync Type, Azure - Subject Display Name, Azure - On-premises Subject, and Subject Name).
Ability to use subject as search criteria in the "Target" field for Azure Active Directory searches.
Threat Detection enhancements:
Ability to upgrade your existing Threat Detection server through PowerShell using the Update- CAThreatDetectionServer command.
The Threat Detection dashboard displays high risk user details such as their photo, display or logon name, job title, department, and their address. When investigating a user or an alert for a specific user, you will also see details such email and their manager’s email address, department, and office.
Threat Detection dashboard displays local date and time.
Additional internal events
Events to track changes to Application user interface roles, tasks, and application groups
Event generated when a purge/archive job fails.
Events to track changes to Splunk, QRadar, ITSS and ArcSight subscriptions.
Additional platform support:
Windows Server 2019 for web client and Logon Activity auditing
Windows Server 2019 Server Core (Active Directory, File system, Registry, Services, local user and group and Exchange 2019 auditing only)
Microsoft SharePoint Server 2016
Microsoft Exchange Server 2010 RU26 and RU27
Microsoft Exchange Server 2013 CU22 and CU23
Microsoft Exchange Server 2016 CU13
Microsoft Exchange Server 2019 and 2019 CU1
Microsoft SQL Server 2012 SP4 for SQL auditing
Microsoft SQL Server 2014 SP3 for SQL and SQL DLA auditing, and coordinator database
Microsoft SQL Server 2017 for SQL auditing
.NET 4.7.
1 Framework for the coordinator
SCOM 2012 and 2016
GPOADmin 5.13.5
Active Roles Server 7.3.2
EMC Unity 4.5.0
NetApp 9.5
One Identity Defender 5.9.3
One Identity Authentication Services 4.2
The following are no longer supported:
Windows 7 for the Change Auditor windows client
Windows Server 2008 R2 for all components except agents
SQL server 2008 and SQL Server 2008 R2 for coordinator database, direct database connection, SQL and SQL DLA auditing
SCOM 2007
Miscellaneous features and enhancements:
Ability to not send blank reports to email or shared folders for scheduled reports.
Resolved Issues:
Improved performance collecting ”Is Administrator” data – 107058
Exchange 2013 CU22 support – 125676
Unable to group by a column on the Deployment tab – 130030
Support for Windows Server 2019 Core (Active Directory, File system, Registry, Services and local user and group auditing only) – 131351
Azure Active Directory sign-in event processing may be delayed when recording a large number of events – 130719
Collation switch may fail during upgrade – 129355
Change Auditor client may fail while connecting to the coordinator with error "Value cannot be null" – 129909