Welcome to this Change Auditor video demonstration. In this video, we will be discussing what's new in the 7.0 release-- primarily, SIM integration. As per normal, you can view all the recent changes in the latest update on the start page of the Change Auditor client, or in the release notes online.
And in this release, some of the changes are an updated license format-- so you may need a new license to install the 7.0 release-- enhanced security between the SQL Server and the Change Auditor coordinator, the ability to manage Active Directory protection with PowerShell commands, and the ability to identify read-only domain controllers, or RODCs.
There are also new features like search enhancements, new built-in searches, additional platform support, and miscellaneous enhancements and updates. But this video will primarily focus on the ability to forward events to third-party tools and SIM solutions. This is essentially the ability to configure Change Auditor to forward events to a third-party tool using WebHook technology. It can work with just about any SIM solution that accepts WebHook notifications.
Next, we're going to show you how to do this-- for example-- for Splunk Enterprise Edition. In the Change Auditor client, we then go to Administration. From the Administration tab, there will be a section on the left nav bar called Event Subscriptions. To create a subscription, we simply click Add, and enter the Splunk Enterprise or cloud URL information, as well as the event token.
Next, we select the actual data that we want to forward to the solution. Over time, provided the solution is configured to accept WebHook notifications, they should appear in that solution. Another option is to enable event log collection, as shown here. And an integration option you may consider is combining Change Auditor with Quest InTrust. Likely, you're using your SIM solution today to collect all activity happening in your environment, including server, client, and network-related activity. And that can often lead to scaling and licensing cost issues.
Quest InTrust collects native and third-party logs and stores everything in a highly compressed 20 to 1 repository. Customers can then forward their InTrust log data to their SIM for continued forensics, and can also reduce their storage costs and retain log data for long-term storage.
This concludes the What's New in Change Auditor 7.0 demonstration. Thank you for watching. To learn more about Change Auditor and the solutions it integrates with, please visit us online.