Hi, my name is Brian Hymer. I'm a solutions architect with Quest software and I wanted to talk to you about a great product feature that we have. Over here, you can see several products that we sell here at Quest. Our Change Auditor product is world renowned-- Interest, Enterprise Reporter, and our Active Rolls product. Each product allows you to monitor and manage your Microsoft infrastructure.
So let's say, for example, you had a forensic investigation where you needed to find out something that happened. Maybe you received an alert from Change Auditor. And so you can go to the console for Change Auditor and see the details of the event that caused this alert and maybe even do some searching on there. But maybe you need more information, like perhaps what permissions a person has on files. So you can come to Enterprise Reporter and get that information from the enterprise recorder console.
But maybe that's not quite enough. Maybe you need to know something else, like the workstation the user was working on. And you need to see what events have happened on that workstation because you think maybe that workstation was compromised. So you can bring your information over here and come to this console, and maybe work with that to find the information for the workstation-- maybe their PowerShell logs or if you're using Sysmon, or just the security log on that box.
But maybe that's not even enough. Maybe you need to figure out how this person got access. And it may have been through a temporal group membership. So now you need to come down here to active roles and get information and active roles about just what this user has permissions to in your environment. When you're doing this investigative work, often you have to go back and forth. So you might have to come back up to Enterprise Reporter for data, or over here to Interest for data, up here to CA, back to Active Roles.
And pretty soon, you've just really made a mess, like my drawing. Wouldn't it be great if you can look at all this information from one place without ever leaving your chair? Well that's why we have IT Security Search. With IT Security Search, you're able to actually do this. You can get the information from Change Auditor, from Interest, from Enterprise Reporter, and from Active Roles, all in one pane of glass which lets you finish your investigation without ever leaving your chair.