Hello. I am Neil Belfour, one of the solution architects here with Quest. And today, I'm going to demo Change Auditor for Windows File Systems. Change Auditor is an auditing framework application, but today we're going to focus on the Windows File Systems module.
What you're looking at right now within Change Auditor is the thick console for it. There are multiple consoles to view this information and configure Change Auditor. There is a web console that is very similar to the thick console, and there is also a Google Search Console called IT Security Search, which acts as a Google search for your Change Auditor installation.
But going back to the thick console, Change Auditor is an agent-based application. So when it comes to Windows File Service, an agent must be deployed to every file server. It is also a Microsoft SQL back-ended application, so it does require a version of Microsoft SQL.
The first tab that we come across is the Overview tab. The Overview tab is kind of like the real-time sports ticker. It's Change Auditor real-time, and it does refresh every five minutes. You would see your top agent activity as well as your agent's status.
The searches is inclusive of the 600-plus reports that are built into Change Auditor, and we do break them down into multiple categories. The Built-in are all the inclusive. The Shared would be common searches that you would want to share with the rest of your team, and the Private searches are all the searches that only you can see. Most commonly, these are the searches that you would enable for real-time SNTP alert as well as scheduled reports.
But to go back to the file systems, or Windows File Systems component, I just chose to run one of our simple reports or file systems. You can sort this information and group it almost any way that you would want. You can customize these columns very easily. But once we go in here, we get very much the who, where, what, when information. Change Auditor is not looking at your native event logs for Windows File System, so it's doing its own auditing.
And you can see here, I am just simply grouping it by events. If I wanted to pull up an event, Common File Deleted, no problem. Once I highlight the event, that's when we get much into the who, where, what, when, and even origin. In this case, the who is invalid, where was on this application to server. The what is, in this case, pre-POC checklist, well, primarily a Word document was deleted on this specific server at this origin. You can also track files being moved. And in this case, we would show you the before and after value of that same file, and I can see that I didn't move through a [INAUDIBLE].
One of the most common things that we're also tracking is files being opened. Now I can go in and see down to the individual files being opened. And in this case, if I can see that A Rogers did open a License-Key1.txt from his Windows 8 origin machine. All of this information can be exported to a variety of formats, and you can easily change how you see this information.
So that concludes this demo for Change Auditor on Windows File Systems. For more information, please visit the Change Auditor URL listed on the screen. Once again, thank you for your time.