ACTIVE DIRECTORY AUDITOR: advanced report on Active Directory
What is Active Directory Auditor (ADA)?
Active Directory Auditor (ADA) is a tool designed to constantly monitor the status of Active Directories, determine risk, and warn when set KPI thresholds are exceeded.
This module is seamlessly integrated with all other SGBox features, and is capable of generating lists that can be used by other modules to perform specific tasks such as event correlation and filtered reports.
Full visibility on Windows systems
Windows auditing is a mechanism for tracking events. Knowing when and where these events occurred and who triggered them can help when doing Windows network forensics.
It can also be very helpful with detecting certain types of problems like improper rights assignments in the file system.
SGBox includes Windows auditing capabilities, to help organizations remain compliant with data protection requirements, identify potential threats early, and help to reduce the risk of a data breach.
A specific set of Dashboard, Correlation Rules and Reports to monitor Windows Server operation and show a who/where/when picture of what is going-on on your servers.
Windows File System Auditor
Several predefined events are constantly monitored to collect files and folders operations like creation, deletion, change and read. Predefined Correlation Rules set will warn about main suspicious activities on files and folder. Predefined Reports can be scheduled to be always ready for any need and keep an historical trace of files and folders operation.
A rich set of Dashboard, Correlation Rules and Reports, based on the log sent by Domain Controllers, Servers and workstation that will show a complete picture of all the meaningful activities on windows devices and map custom events. Moreover, is it possible both to map custom events and create custom Dashboards, Correlation Rules and Reports.
Advanced Windows Audit
It is possible to collect in deep information about Windows machines operation such as process monitoring, registry operation, DNS queries, network connections and much more. This capability is very useful to monitor critical servers operation and spot specific issue or suspicious activities related to the specific server functions.
Functionalities of SGBox Active Directory Auditor
SGBox includes advanced control capabilities on MS Active Directory systems to help businesses meet data protection requirements.
Active Directory Auditor provides a clear picture of all changes to AD resources, including AD objects and their attributes.
It helps detect and respond to internal threats, misuse of privileges, and other Compromise Indicators (ioc).