如需獲得最佳網頁瀏覽體驗,請使用 IE 11 或更高版本、Chrome、Firefox 或 Safari。

Change Auditor for Active Directory

监控AD以提高安全性与合规性

Active Directory (AD)问题可导致成本高昂的意外服务中断和造成业务波动的网络停机。 同样,有害的数据泄露和违反SOX、PCI、HIPAA、GDPR等规定也会给您带来严重的经济损失。 您需要使用Active Directory审核和安全功能,以确保AD和Azure AD出现严重改动时您能实时收到通知。

通过Change Auditor for Active Directory确保AD和Azure Ad的安全、合规以及对二者的控制。 跟踪、审核、报告所有重要的配置更改并发出警报,同时将这些功能整合到单个控制台,没有启用原生审核功能而产生的额外开销。 借助Change Auditor提供的完全可见性,主动保护各种对象并实时跟踪所有更改。

混合AD审核

获得对所有AD和Azure AD活动的单一关联视图,以及对所有更改的可见性,无论其位于内部部署还是在云环境中。

直观显示

跟踪用户和管理员的活动并提供更改活动的详细信息,以及所有更改的原始值和当前值。

托管控制板

On Demand Audit(具有灵活搜索和数据可视化的SaaS控制板)中查看混合AD和Office 365活动。

对象保护

防止对关键Active Directory对象进行更改,例如意外删除组织单元(OU)和修改GPO设置。

帐户锁定

捕获造成帐户锁定事件的原始IP地址/工作站名称,从而简化故障排除过程。

随时随地获得实时警报

向电子邮件地址和移动设备发送关键更改和模式警报,让您即便不在现场也能收到有关立即采取措施的提醒。

SIEM集成

与SIEM解决方案相集成,将Change Auditor事件转发到Splunk、Arcsight或QRadar。

可直接呈递审核员的报告

生成全面的报告以符合法律合规性要求(如GDPR、SOX、PCI-DSS、HIPAA、FISMA、GLBA等)。

On Demand Audit Hybrid Suite for Office 365

只需点击几下,即可将Change Auditor for Active Directory和Change Auditor for Logon Activity与On Demand Audit配对,以获得AD、Azure AD、Exchange Online、SharePoint Online、OneDrive for Business和Teams中所有更改的单一托管视图。 通过响应快速的搜索和交互式数据可视化简化调查,并可将审核历史记录保留长达10年。

了解如何升级

功能

出色的审核引擎

消除审核限制并捕获更改信息,而无需使用原生审核日志,从而可以更快速地生成结果并节约大量存储资源。

安全性时间表

查看、突出显示和筛选AD及Azure AD环境中随时间推移顺次发生的更改事件并发现它们与其他安全事件之间的关系,从而更好地进行取证分析和做出安全事件响应。

相关搜索

只需单击一下,便可立即访问关于您所查看更改的所有信息以及所有相关事件(例如来自特定用户和工作站的其他更改),从而消除额外的不确定因素和未知安全隐患。

AD更改回滚

直接在Change Auditor控制台中单击一个按钮便可针对未授权、错误或不适当的更改恢复以前的值,并且遵守请求回滚的用户的权限和特权。

Quest InTrust集成

Quest InTrust相集成,实现20:1的压缩事件存储和集中化的原生或第三方日志收集,进行解析和分析并对可疑事件(例如已知勒索软件攻击或可疑PowerShell命令)发出警报和自动执行响应操作。

增强安全洞察

将大量系统和设备中的不同IT数据关联到IT Security Search(一种交互搜索引擎)中,以加快安全事件响应和取证分析速度。 通过丰富的可视化和事件时间表囊括用户授权和活动、事件趋势、可疑模式等。

    警报

  • 监控对Active Directory进行的关键更改并发出相应警报。

  • 组策略

  • 监控对组策略对象的关键更改并发出相应警报。

  • 帐户锁定

  • 帐户被锁定时会收到警报。

  • 对象保护

  • 防止对关键对象和设置进行更改。

  • 基于角色的访问

  • 提供基于角色的访问,以控制哪些用户可以执行什么操作或查看什么内容。

  • 包含On Demand Audit的托管控制板

  • 将Change Auditor与On Demand Audit配对,获得所有混合AD和Office 365活动的单一托管视图。

荣获2018年Stevie Awards美国人民选择奖

荣获2018年Stevie Awards美国人民选择奖

在2018年Stevie Award美国人民选择奖的角逐中,Change Auditor得票最多,荣获最佳软件奖,此外,还获得2018年最佳新产品银奖。

规格

Change Auditor协调器(服务器端)、Change Auditor客户端、Change Auditor代理程序(服务器端)、Change Auditor工作站和Web客户端(可选组件)具有特定的系统要求。 有关Change Auditor可以审核的所有组件和目标系统的完整系统要求与所需权限列表,请参见Change Auditor安装指南。

Change Auditor协调器负责执行客户端和代理程序的请求并生成警报。

处理器

等效于四核英特尔®酷睿™ i7或更高配置的处理器

内存

最低:8 GB内存或更高配置

建议:32 GB RAM或更高配置

SQL Server

最高支持以下版本的SQL数据库:

  • Microsoft SQL Server 2012 SP4
  • Microsoft SQL Server 2014 SP3
  • Microsoft SQL Server 2016 SP2
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019

注意:Change Auditor支持SQL AlwaysOn可用性组、SQL群集以及应用了行和页面压缩的数据库。

操作系统

最高支持以下版本的安装平台(x64):

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

:必须启用Microsoft Windows Data Access Components (MDAC)。 (MDAC是操作系统的一部分,默认情况下已启用。)

协调器软件和配置

为实现卓越的性能,Quest强烈建议:

  • 专用成员服务器上安装Change Auditor协调器。
  • 应在单独的专用SQL Server实例上配置Change Auditor数据库。

:请勿为Change Auditor数据库预分配固定大小。

此外,需要满足以下软件/配置要求:

  • 协调器必须拥有与本地域和林根域中所有域控制器的LDAP和GC连接。
  • Microsoft .NET 4.7.1(x64版)
  • Microsoft XML Parser (MSXML) 6.0(x64版)
  • Microsoft SQLXML 4.0(x64版)
协调器占用空间
  • 预计使用1 GB的硬盘空间。
  • 协调器占用的内存大小主要取决于环境、代理程序连接数和事件量。
  • 估计的数据库大小因所部署的代理程序数量和所捕获的审核事件数量而异。

有关其他所需的帐户协调器最低权限,请参见Change Auditor安装指南

资源

Change Auditor for Active Directory
数据表
Change Auditor for Active Directory
Change Auditor for Active Directory
快速跟踪和确认任何变化或日常系统修改
阅读数据表
Overcoming Office 365 Security & Compliance Auditing Challenges
白皮书
Overcoming Office 365 Security & Compliance Auditing Challenges
Overcoming Office 365 Security & Compliance Auditing Challenges

Commercial use of Office 365 has skyrocketed in recent years — but most organizations admit they still lack the

阅读白皮书
Integrated change auditing and event log management for strong security
白皮书
Integrated change auditing and event log management for strong security
Integrated change auditing and event log management for strong security
This white paper explores how you can use Change Auditor and InTrust, either alone or in combination with your SIEM, to improve security and compliance while reducing costs.
阅读白皮书
零售商确保PCI DSS合规性
案例分析
零售商确保PCI DSS合规性
零售商确保PCI DSS合规性

“为实现PCI DSS合规性,我们需要打开所有本地日志记录并

阅读案例分析
政府机构提高安全性和 工作效率
案例分析
政府机构提高安全性和 工作效率
政府机构提高安全性和 工作效率
依托Quest的Microsoft平台管理解决方案,德州中北部政府理事会可以实时控制 其整个混合IT环境中的变更。
阅读案例分析
Government healthcare agency ensures security and compliance
案例分析
Government healthcare agency ensures security and compliance
Government healthcare agency ensures security and compliance
Learn how Quest Change Auditor helped Region Halland gain deep visibility into Active Directory and Azure AD.
阅读案例分析
Nine Best Practices to Reduce Active Directory Security Breaches and Insider Threats
电子书
Nine Best Practices to Reduce Active Directory Security Breaches and Insider Threats
Nine Best Practices to Reduce Active Directory Security Breaches and Insider Threats
This ebook explores the anatomy of an AD insider threat and details the best defense strategies against it.
阅读电子书
Retailer Ensures PCI DSS Compliance
案例分析
Retailer Ensures PCI DSS Compliance
Retailer Ensures PCI DSS Compliance

Any retailer that wants to continue accepting credit cards needs to maintain compliance with PCI DSS standards — and prove it during annual audits. One of the PCI DSS requirements can be part

阅读案例分析

视频

Learn about Change Auditor for Active Directory
Learn about Change Auditor for Active Directory

04:07

視頻
Learn about Change Auditor for Active Directory
Learn how Change Auditor for Active Directory from Quest helps ensure the security, compliance and control of AD and Azure AD.
观看视频
Change Auditor 7.1 – New Features
Change Auditor 7.1 – New Features

10:32

視頻
Change Auditor 7.1 – New Features
Explore Change Auditor’s new features, such as Golden Ticket detection & auditing Kerberos and NTLM authentication.
观看视频
What is Quest Change Auditor and how does it compare to and complement Microsoft ATP and third-party SIEM solutions?
What is Quest Change Auditor and how does it compare to and complement Microsoft ATP and third-party SIEM solutions?

14:10

視頻
What is Quest Change Auditor and how does it compare to and complement Microsoft ATP and third-party SIEM solutions?
Hear Quest product experts, Ghazwan Khairi, Bryan Patton and Robert Tovar discuss the real-time security and IT auditing of Change Auditor and how it compares to and integrates with SIEM solutions and Microsoft Advanced Threat Protection.
观看视频
How to integrate Change Auditor with On Demand Audit
How to integrate Change Auditor with On Demand Audit

04:58

視頻
How to integrate Change Auditor with On Demand Audit
Learn how to integrate Change Auditor with On Demand Audit from Quest.
观看视频
Change Auditor integration with SIEM solutions and Quest InTrust
Change Auditor integration with SIEM solutions and Quest InTrust

02:54

視頻
Change Auditor integration with SIEM solutions and Quest InTrust
See what's new in Change Auditor 7.0 including integration with SIEM solutions and Quest InTrust.
观看视频
How to alert when a group membership changes in Change Auditor for Active Directory
How to alert when a group membership changes in Change Auditor for Active Directory

06:02

視頻
How to alert when a group membership changes in Change Auditor for Active Directory
This video demonstrates how to alert when a group membership changes within Change Auditor for Active Directory.
观看视频
How to create a protection template for an Organizational Unit with Change Auditor for Active Directory
How to create a protection template for an Organizational Unit with Change Auditor for Active Directory

12:37

視頻
How to create a protection template for an Organizational Unit with Change Auditor for Active Directory
This video demonstrates how to create a protection template for an Organizational Unit with Change Auditor for Active Directory from Quest.
观看视频

博客

Change Auditor 7.1: What’s New

Change Auditor 7.1: What’s New

The Change Auditor for Logon Activity 7.1 update allows for auditing of Kerberos and NTLM authentications to promote better security and compliance. Learn more.

Quest Security Assessments Reveal Top 4 Issues in Active Directory: Groups and OSs (Part 3 of 3)

Quest Security Assessments Reveal Top 4 Issues in Active Directory: Groups and OSs (Part 3 of 3)

In the third and final part of this Active Directory security issues series, we take a look at the problems with Groups and Operating Systems (OSs). Learn more.

CISA Office 365 Alert and 10 Security Actions to Take Now by Sean Metcalf (from our latest TEC Talk)

CISA Office 365 Alert and 10 Security Actions to Take Now by Sean Metcalf (from our latest TEC Talk)

This blog post will outline the CISA alert, prior CISA advice for securing Office 365 and point you to a TEC Talk by Microsoft Certified Master Sean Metcalf (@PyroTek3) that addresses the 10 (and more) Azure AD and Office 365 security tasks to do now!

Workforce and IT Refresher Tips to Avoid COVID-19 Phishing Attempts

Workforce and IT Refresher Tips to Avoid COVID-19 Phishing Attempts

“Let no crisis go to waste.” This is the new mantra of every cyber criminal in the age of COVID-19. Around the globe, organizations are seeing an increase in phishing attempts that exploit our fear and desire for coronavirus information, ...

The Many Colors of AD Security – Microsoft Red Forest, Orange Forest, Greenfield or Blue?

The Many Colors of AD Security – Microsoft Red Forest, Orange Forest, Greenfield or Blue?

Discover the different models of Active Directory (AD) security, including the Red and Orange Forest models, Greenfield migrations, and Blue Team.

Top 10 Security Events to Monitor in Azure AD and Office 365 – [New eBook]

Top 10 Security Events to Monitor in Azure AD and Office 365 – [New eBook]

Learn about 10 places in your cloud environment that log important audit events. See how native tools fall short of ensuring your auditing compliance.

立即行动

增强AD安全和合规性审核。

支持和服务

产品支持

自助式工具将帮助您安装、配置产品以及进行故障排除。

支持服务

查找适当的支持级别,以满足企业的独特需求。

专业服务

从现场或异地提供的一系列可用服务中进行搜索,以最好地满足您的需求。

培训与认证

通过网络在线、现场或虚拟形式提供教师指导的培训课程。