Hello, I am Neil Belflour, one of the solution architects with Quest. And today, I'm going to demo Change Auditor for Active Directory queries. Change Auditor is an audit and framework application; you normally license which modules you want. But in today's presentation, we're going to focus on the Active Directory queries module.
Change Auditor does offer multiple consoles for configuration and reporting. This is the thick console that we're looking at. And you could have this console installed in as many locations as you want. There is a Change Auditor web console, which is very similar to the thick console.
And then there is a console called IT Security Search-- think of it as a web-based Google Search Console for your Change Auditor installation. Change Auditor is an agent-based application. So when it comes to AD queries, agents would have to be deployed to every domain controller.
It is also a SQL back-ended application. So it does require a version of Microsoft SQL. The first tab is known as the Overview tab. The Overview tab is going to show you Change Auditor real-time events. And it does refresh every five minutes.
It's also going to show you your top agent activity, as well as your agent status-- active and inactive agents. The Search tab is where you would start seeing the reports that are built into Change Auditor. We break them down into three different categories, such as built-in.
Those are the 600-plus searches that are inclusive within the application. There's shared folders, as well as private. The shared folders would be if you wanted other people to be able to access some of these customized searches.
You can populate them in there, as well as the private folder is where you would primarily set up the searches that you would want to be alerted on, real-time SMTP, as well as scheduled reports delivered via SMTP. When it comes to AD queries, there's not much configuration to the application outside of deploying the agent to your domain controllers.
We are tracking completed queries only. Here would be an example of one of the reports built in. I happen to like this one as a very common one, because it's filtering your AD queries by originating hostname/IP address. So now you can see at a quick instance which server or even client workstation is responsible for the most amount of queries into your infrastructure.
I can expand some of the queries coming from my workstation. And all of these searches that you're looking at right now are exportable to a variety of formats. You can also easily customize these columns for which specific events you want to appear. If I would highlight any of these query events, now, we get very much into the who, where, what, when, and origin of this query, and the elapsed time of the query.
So you could see easily where it's coming from, where it's hitting, and the actual query that is associated with it with the origin name. And you can filter this information and allow it to appear any way that I wanted to. If I did not want it to appear in this type of filter, I can easily remove this filter.
But this tends to be the most common filter that people do like to see when it comes to LDAP queries. So that concludes this demo on Change Auditor for LDAP queries or Active Directory queries. For more information, visit the Change Auditor URL listed on the screen. Thank you.