
Change Auditor 7.5 - User Guide


Top Agent Activity

The Top Agent Activity pane displays the most active agents in your environment, that is, the agents that have forwarded the most events to the coordinator based on the date range selected. If this pane is not displayed, click the arrow on the heading of one of the lower panes and select Top Agent Activity to display this pane.

By default, the agent activity on all servers for the past month, excluding uninstalled agents, will be displayed. You can, however, use the controls located at the top of this pane to specify the types of agented objects to be included as well as the date range.

Type

By default all agented objects are included. However, you can use the drop-down menu located in the upper left corner of this overview pane to limit the types of objects to be included:

All - view all agented servers and workstations (default)
DCs - view only agented domain controller servers
Servers - view only agented servers that are joined to the domain
Workstations - view only agented workstations that are joined to the domain
Others - view only non-member objects, such as ADAM workgroup servers or workstation agents manually installed on non-Active Directory machines

Show Uninstalled Agents

Select this check box to include all uninstalled agents in the count. Uninstalled agents are not included by default.

Time interval

By default, data will be collected for the last month. However, you can use the controls in the upper right corner of this overview pane to specify a different time interval for collecting this data.

Where: <nn> is a positive numeric value and <interval> is one of the following:

Recent Event Activity

The Recent Event Activity pane allows you to display recent activity for selected events. Click the arrow on the heading of one of the Overview panes and select Recent Event Activity to display this pane. By default, the activity for the following events is displayed in this pane:

Use the controls at the top of this pane to define the content to be included in this Overview pane.

Select Events

Click Select Events to select different event classes to be displayed. Clicking this button displays the Select an Event Class dialog. Select the event classes to display and click Add to add them to the selection list.

NOTE: A maximum of 10 event classes can be selected. When you have reached this limit, the Add button is disabled, preventing you from adding any additional event classes.

Use these buttons/controls to define the format used to display the information. By default, the data appears in a data grid format.

Use this to display the data in a bar graph. Select the Show Legend check box to include a legend for the bar graph.
NOTE: The bar graph button and Show Legend check box only appear when there is activity to report in this pane.

Last <nn> Days

The default or selected events will be listed along with the number of events that occurred each day over the specified time interval. By default, the data will be collected for the last seven days. However, you can use the control in the upper right corner of this pane to display from one to seven days of data.

Count of Events By

The event counts pane displays a table listing the total number of events captured, sorted by the selected category. Click the arrow on the heading of one of the Overview panes, select Count of Events By and then select one of the following categories to display this pane:

The count by event panes include the total number of events found in the Change Auditor database based on the category selected. The counts on these panes are hypertext links, which when selected display a Search Results page showing the events associated with the selected count. However, the Search Results page only displays the associated events generated in the last year. If you want to see all of the events associated with the selected count, edit the date range to include the ‘last nn years’ in the When tab on the Search Results page.

Agent Status

The Agent Status pane displays a gauge depicting the current status of agents. Click the arrow on the heading of one of the Overview panes and select Agent Status and then select one of the following options to display this pane:

Enterprise View - displays all agented member servers installed in the enterprise
Workstation View - displays all agented workstations that are installed on Active Directory machines in the enterprise
Other View - displays all agented non-member objects, such as ADAM workgroup servers or workstation agents manually installed on non-Active Directory machines in the enterprise
<DomainName> - displays all agented machines, including servers, workstations and non-member workgroup computers, installed on the selected domain

Show Uninstalled Agents

By default, only active and inactive agents are included. However, you can select this check box to include the agents that are set as ‘uninstalled’.

Double-clicking the gauge displays the Agent Statistics page which provides a global view of all agents, including their current status.
