
Difference between Change Auditor and InTrust

Hi,

Please explain to me the difference between Change Auditor and InTrust.

Which tool do I need to buy for Active Directory auditing?

  • Both can do AD auditing very well.

    Change Auditor is the quickest to set up and get results from.

    InTrust is more flexible than Change Auditor for certain use cases but this comes at the price of a steeper learning curve to take advantage of its more advanced capabilities.

    To recommend one over the other, we would need to understand the specifics of your auditing (and perhaps reporting) needs, including the need to archive native Windows event log data. If this last point is not important at all, Change Auditor is definitely the better choice.

  • If my understanding is right, AD Change Auditor performs object-level auditing and reporting.

    InTrust also does AD auditing, and additionally it can collect event logs for all servers and workstations and save them in a repository.

  • That's right, but InTrust is so much more. It collects and efficiently stores all the native logs, so that in case of bad actors trying to establish a presence and steal your data, it provides an awesome repository of detailed log events which can help you perform the forensics and, by identifying possible attack markers, create rules which could prevent it from happening again using response actions. Some such markers are already built into the product.

    CA helps you make sense of the real actions real people do in AD to track the audit more efficiently; InTrust collects all that is happening in between the lines to catch and protect against the misuse which on the surface may look like valid actions.
