Change Auditor 7.0.2 - Release Notes

IT Security Search requirements

IT Security Search is a web-based interface that correlates IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. As a Change Auditor customer, you can access IT Security Search from our Autorun and begin to apply its many features.

IT Security Search supported up to the following versions

IT Security Search 11.4.1

Auditing requirements

Change Auditor

Change Auditor for Exchange

Exchange Servers supported up to the following versions

Windows Server 2008 R2 SP1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

For more information

See the Change Auditor for Exchange User Guide for information about using Change Auditor for Exchange.

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions

SQL Server 2008: Using SQL Server Configuration Manager, add the string “;-T1906” to the end of the SQL Server Startup Parameters on the Advanced tab in the SQL Server Properties dialog.
SQL Server 2012 and newer: Using SQL Server Configuration Manager, add the startup parameter “-T1906” on the Startup Parameters tab in the SQL Server Properties dialog.

This requires a SQL Server service restart.

For more information

See the Change Auditor for SQL Server User Guide for information about using Change Auditor for SQL Server.

Change Auditor

Change Auditor for SQL Server

SQL Servers supported up to the following versions

 

For more information

See the Change Auditor for SQL Server User Guide for information about using Change Auditor for SQL Server.

Change Auditor

Change Auditor for Authentication Services

Authentication Services -Latest supported version

Authentication Services 4.1

Change Auditor

Change Auditor for Defender

Defender — Latest supported version

Defender 5.8.2

Change Auditor

Change Auditor for EMC

EMC Celerra/VNX - Supported up to the following versions

EMC Common Event Enabler (CEE) Framework up to 8.5.1

EMC Celerra Event Enabler (CEE) Framework 4.6.7

EMC VNX Event Enabled (VEE) Framework 4.8.5 (through 5.1)

EMC Isilon - Supported up to the following versions

EMC Common Event Enabler (CEE) Framework up to 8.5.1

EMC Unity - Supported up to the following versions

EMC Unity 4.4.1

EMC Common Event Enabler (CEE) Framework up to 8.5.1

To enable auditing, you must configure CEE using EMC Unisphere:

Select STORAGE | File | NAS Servers. Open the server properties and select Event Publishing. Select to Enabling Common Event Publishing. Add the CEPA Server where the CEE is installed, select All Events, and save the settings.
Select File System you want to audit and choose the Advanced tab. Under the Events Notifications, select Enable SMB Events publishing.

Agent

Locate the Change Auditor agent near the EMC device (use fastest connection type available).

Use multiple CPU hosts for Change Auditor agent service (at least 2 CPUs or 2 CPU core).

Rights and permissions

For more information

See the Change Auditor for EMC User Guide for detailed information about installing, configuring, and using Change Auditor for EMC.

Change Auditor

Change Auditor for NetApp

NetApp Filer

NetApp Filer with Data ONTAP 7.2 to 9.4

Cluster mode is supported as of version 8.2.1

Agent

Rights and permissions

NetApp running in 7-mode

The provided credentials must have local Administrator rights on the monitored NetApp filer.

You can specify these credentials in one of two ways for the Change Auditor agents assigned to the NetApp Auditing template which defines what to audit on the selected NetApp filer:

Use the Set Credentials button on the NetApp Auditing template to specify the NetApp filer credentials to be used by the selected Change Auditor agent. If you use this method, the specified account must be an Active Directory user that is a member of the local Administrators group of the NetApp filer.

Rights and permissions

NetApp running in cluster mode

Use the Set Credentials button on the NetApp Auditing template. The account should be an Active Directory user that is a member of the local Administrators group of the NetApp filer.

To grant ONTAPI access for the NetApp cluster for an Active Directory user, run the following command on the cluster console:

Optionally, you can use the default role “vsadmin” as the rolename which has the administrator permissions of the NetApp filer.

To create a new role and assign the minimum required rights, run the following commands:

See the NetApp user guide for more details on enabling Active Directory domain users access to the cluster.

To add a new account to a NetApp filer’s local Administrators group:

3
Select Computers from the tree and then select the filer from the list in the right pane.
4
Right-click the filer and click Manage. The Computer Management console opens.
5
Select System Tools | Local Users and Groups | Groups.
6
Double-click the Administrators group on the right.
7
Click Add to add an account to the Administrators group.

For more information

See the Change Auditor for NetApp User Guide for detailed information about installing, configuring, and using Change Auditor for NetApp.

Change Auditor

Change Auditor (any license)

VMware

ESX/ESXi 5.0 to 6.0

vCenter 5.0 to 6.0

Change Auditor

Change Auditor for SharePoint

SharePoint

SharePoint Server 2010 SP2

SharePoint Server 2013 SP1

SharePoint Foundation 2010 SP2

SharePoint Foundation 2013 SP1

Rights and permissions

When selecting the agent to capture SharePoint events, you must enter the credentials to use to access the selected SharePoint farm. This account must have the following permissions:

For more information

See the Change Auditor for SharePoint User Guide for detailed information about installing, configuring, and using Change Auditor for SharePoint.

Change Auditor

Change Auditor for Logon Activity User license for auditing server agents

Change Auditor for Logon Activity Workstation license for auditing workstation agents

Change Auditor | Server agents

Change Auditor for Logon Activity User

Change Auditor | Workstation agents

Change Auditor for Logon Activity Workstation

Change Auditor

Change Auditor for Skype for Business

Skype for Business

Microsoft Skype for Business Server 2015

Microsoft Lync Server 2013

The SQL Server versions where the Central Management Store (CMS) is deployed

Additional requirements

For more information

See the Change Auditor for Skype for Business User Guide for more information about Exchange Online auditing.

Change Auditor

Change Auditor for Exchange

Change Auditor for SharePoint

Office 365 subscriptions

Change Auditor can audit the various Office 365 plans offered by Microsoft including business and enterprise subscriptions.

Windows PowerShell

Windows PowerShell version 3 on the computer where the agent is installed.

URLs

The agent configured to monitor Office 365 must be able to access the following URLs:

Ports

Required permissions

For more information

See the Office 365 and Azure Active Directory Auditing User Guide.

 

Change Auditor

Change Auditor for Fluid File System

Dell Fluid File System supported up to the following versions

Dell Fluid File System version 5.0

Dell Fluid File System version 6.0

Dell Enterprise Manager /Dell Storage Manager supported up to the following version

Dell Enterprise Manager version 15.3

Dell Storage Manager version 16.3

Change Auditor Configuration Service for Dell FluidFS

The Change Auditor Configuration Service for Dell FluidFS.msi is located in the Integration/FluidFS folder of the installation package.

Windows PowerShell

Windows PowerShell version 4 on the computer where the Data Collector service is installed.

Agent requirements

Locate an agent close to the Dell FS8600 cluster (use fastest connection type available).

Ports

To receive events, the following ports must be open:

These are default port values that are configurable.

Encryption

If you are going to turn on encryption for auditing, the domain of the coordinator must trust the domain of the user account specified (one-way trust) during encryption configuration.

Required rights and permissions

The account used for auditing and managing your FluidFS auditing templates in Change Auditor:

For more information

See the Change Auditor for Fluid File System User Guide for more information about configuring and using Change Auditor for Fluid File System.

Change Auditor

Change Auditor for Active Directory

Azure Active Directory

Change Auditor can audit the Azure Active Directory that is included with an Office 365 subscription or the Azure Active Directory Basic subscription.

URLs

The agent configured to monitor Azure Active Directory must be able to access the following URLs:

Ports

Permissions

Synchronized environments

When auditing Azure Active Directory in a synchronized environment, Change Auditor provides more event details by mapping identities from on-premises directories with Azure Active Directory.

The following conditions must be met for Change Auditor to perform the mapping:

When Federation with AD FS is used as the single sign-on method, Azure logon events will no longer be generated since the authentication is done by the on-premises AD FS instance.

For more information

See the Change Auditor for Active Directory User Guide for more information about Azure Active Directory auditing.

Product licensing

As of Change Auditor 7.0 a a new license key is required. Please obtain the new key before installing the new release. To obtain a new key, refer to the License Key Upgrade page: https://support.quest.com/my-account/licensing.

If you purchased multiple Change Auditor products, you only need one instance of the Change Auditor product. The code is the same for all and the license keys determine what features are enabled and disabled in the product.

The following products require separate licenses which can be applied during the coordinator installation process:

If you are licensing multiple Change Auditor products, you can apply the licenses in any order but must apply all the licenses provided.

2
If you have not installed the Change Auditor components, from a member server run the autorun.exe file to start the Quest Change Auditor autorun. See Upgrade and compatibility for more information in installing the Change Auditor components.
3
On the Install page of the autorun, click Install for the Install Change Auditor Coordinator option to start the Change Auditor Coordinator Setup wizard.

If you purchased more Change Auditor products after the initial installation, you can apply new licenses from the coordinator icon in the system tray.

2
From the Licenses tab, click Select License.

Getting started with Change Auditor 7.0

相关文档