Monday, February 4

Audit for Active Directory

NetVision launched a new web site focused on our solution for reporting and monitoring on Windows and Active Directory. The solution is pretty cool. If you're having trouble understanding how to generate reports or apply real-time monitoring for Active Directory, you should check it out.

This is not a SIEM solution designed to collect logs from as many sources as possible. This is a very focused solution on Identity information in Active Directory. The listener is embedded into Active Directory so that we're not reliant on the security event logs, which provides non-repudiable proof of events that are taking place. And it means that we're not limited to the information provided by the event log (there is a limited set of attributes available for a user object change, for example). We can tell you what changes were made, when the change occurred and who initiated it. All of which is valuable audit and compliance information.

We also have advanced filtering capability on the listeners so that you can filter events by type, object, or actor. This means that you only collect relevant data which reduces storage and makes it easy to get to the data you want on the reporting side. We can tell you things like user attributes and group memberships, changes to user accounts or groups, inactive user accounts, OU changes, file system Access Control List changes, file system access attempts and file adds or changes. And we provide policy and report templates that make it easy for you to get up and running.

So take a look and let us know if you have questions.

No comments: