For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Change Auditor

Security vulnerability monitoring for your Active Directory (AD) and hybrid Microsoft environment. Active Directory continues to be the cornerstone for securing access to business-critical applications. Yet change reporting and vulnerability monitoring for AD is cumbersome, time-consuming, and often impossible using system-provided IT auditing tools. Adopting Azure AD and Office 365 only increases your reliance on Active Directory, while doubling the attack surface and introducing additional opportunities for ransomware and other exploits. This often results in data breaches and insider threats that can go undetected without protections in place. Fortunately, Change Auditor provides real-time threat monitoring and security tracking of all key user activity and administrator changes.

Change Auditor 7.1 – New Features 10:32
With Change Auditor, you get complete, real-time IT auditing, in-depth forensics and security threat monitoring on all key configuration, user and administrator changes in your Microsoft environment. Change Auditor detects indicators of compromise across AD, Azure AD and authentications to thwart attackers and their attempts to deploy ransomware. In addition, Change Auditor tracks lateral movement across the network and audits suspicious user activity across file servers, Office 365 and Exchange to track hackers already in the network.

Hybrid security monitoring

Proactively monitor all security changes occurring across your AD, Azure AD and Office 365 environments, regardless of whether the activity takes place on-prem or in the cloud.

Threat prevention

Block attackers from making changes to critical groups, GPO settings and linking, sensitive mailboxes or exfiltrating your AD database to steal credentials – regardless of the privileges they’ve hijacked.

Forensic reporting

Extend security monitoring beyond just AD and Azure AD to track every aspect of an attacker’s activity across file systems, Exchange and Office 365 after they’ve breached the network.

Vulnerability management

Detect indicators of compromise (IOCs) through dozens of built-in alerts and assess many more indicators of exposure (IOEs) across AD, Azure AD and authentications. 

360° security protection

From upfront vulnerability assessment to intrusion detection and monitoring of compromised accounts, Change Auditor has you covered at every step.

Golden Ticket detection

Detect and alert on common Kerberos authentication vulnerabilities used during Golden Ticket / Pass-the-ticket attacks.

Normalized 5W audit details

Translate cryptic, system-provided logs into a simple, normalized format highlighting the who, what, when, where and workstation details and before and after values.

Real-time alerts on the move

Send critical change and pattern alerts to email and mobile devices to prompt immediate action, even while you're not on site.

On Demand Audit Hybrid Suite for Office 365

Overview of On Demand Audit 07:25
Pair Change Auditor with On Demand Audit to get a single, hosted security dashboard of all vulnerabilities and suspicious activity across AD, Azure AD, file servers, network-attached storage, Exchange Online, SharePoint Online, OneDrive for Business and Teams. On Demand Audit proactively highlights security threats and anomalous activity and accelerates incident investigations through contextual and interactive data visualizations.

Features

Security threat monitoring

Detect attack attempts, lateral movement through your network, and post-attack damage done to your critical workloads like Exchange and file systems.

Complete coverage

Detect indicators of compromise (IOCs) across AD and Azure AD to catch attacks before they start, and audit suspicious user activity across file servers, Office 365 and Exchange to monitor adversaries already in the network.

Threat timelines

View, highlight and filter change events and discover their relation to other security events in chronological order across your Microsoft environment for better forensic analysis and security incident response.

Related searches

Provide instant, one-click access to all information on the change you're viewing and all related events, such as what other changes came from specific users and workstations, eliminating guesswork and unknown security concerns.

Superior auditing engine

Remove auditing limitations and capture change information without the need for system-provided audit logs, eliminating blind spots, and resulting in increased visibility of suspicious user activity.

Secure AD attack paths

Identify Tier Zero assets and the attack paths to them using BloodHound Enterprise and monitor and secure those attack paths to avoid exploits with Change Auditor. 

SIEM integration

Enrich SIEM solutions including Sentinel, Splunk, ArcSight, QRadar or any platform supporting Syslog by integrating Change Auditor’s detailed activity logs.

Auditor-ready reporting

Generate comprehensive reports to support regulatory compliance mandates for GDPR, PCI DSS, HIPAA, SOX, FISMA / NIST, GLBA and more.

Platforms

Learn about Change Auditor for Active Directory 04:07

Learn about Change Auditor for Active Directory

Active Directory

Change Auditor for Active Directory and Change Auditor for Logon Activity detect and alert on changes to critical objects in Microsoft Active Directory and Azure AD with a single, correlated view across your hybrid AD environment. Track Kerberos, NTLM and ADFS authentications to identify vulnerabilities and exploits.

Product Demo: Learn about On Demand Audit 07:25

Product Demo: Learn about On Demand Audit

Azure AD and Office 365

With just a few clicks, you can pair Change Auditor and On Demand Audit to get a single, hosted view of all changes made across AD, Azure AD, Exchange Online, SharePoint Online, OneDrive for Business and Teams.

Product Demo: Change Auditor for Windows File Servers 03:52

Product Demo: Change Auditor for Windows File Servers

Windows Server

Change Auditor for Windows File Servers helps you control and audit changes to Microsoft Windows Server efficiently and cost-effectively. Proactively track, audit, report on and alerts on vital changes, including user and administrator accounts, in real time and without the overhead of system-provided auditing.

Learn about Change Auditor for Exchange 04:02

Learn about Change Auditor for Exchange

Exchange

Change Auditor for Exchange simplifies the Exchange auditing process. Track, audit, report and alert on Microsoft Exchange on-premises and Exchange Online changes in real time within a single, correlated view.

Product Demo: Change Auditor for SQL Server 04:06

Product Demo: Change Auditor for SQL Server

SQL Server

Change Auditor for SQL Server makes database auditing of Microsoft SQL Server easy and secure. It tracks, audits, reports on and alerts on changes in real time, translating events into simple terms and eliminating the time and complexity required for auditing.

Product Demo: Change Auditor for NetApp 05:04

Product Demo: Change Auditor for NetApp

Network-attached storage

Ensure the security, compliance and control of files, folders and shares by tracking, auditing, reporting and alerting on all changes in real time. With Change Auditor for NetApp and Change Auditor for EMC, you can report on and analyze events and changes without the complexity and time required with built-in auditing functions.

Overview of Change Auditor for SharePoint 03:26

SharePoint and OneDrive for Business

Change Auditor for SharePoint enables faster, easier and more secure SharePoint, SharePoint Online and OneDrive for Business auditing. It translates events into simple terms, stores data in one centralized and secure database and, in real time, tracks, audits, reports on and alerts on critical changes to:

  • SharePoint farms, servers, sites, users, permissions and more
  • File and folder activity as well as sensitive data moving in and out of OneDrive for Business

Featured Products

Change Auditor for Active Directory

Ensure security, compliance and control of AD and Azure AD.

Download Free Trial

Change Auditor for Logon Activity

Alert and report on AD logon and logoffs and Azure AD sign-in activity

Download Free Trial

Change Auditor for Active Directory Queries

Solve migration and performance issues by analyzing Active Directory queries.

Download Free Trial

On Demand Audit

Search and investigate changes made on prem or in the cloud from a single, hosted dashboard.

Try Online

Change Auditor for Exchange

Document all critical group, mailbox and public/private changes to Exchange

Download Free Trial

Change Auditor for Windows File Servers

Track, audit and receive reports on all Windows File Server real-time system changes

Download Free Trial
Show more

Large Retail Chain

Change Auditor object protection is a lifesaver. I have it set up to prevent changes to the ACLs on certain directories on our file servers, as well as to protect all administrative accounts. We’ve had pen testers come in and be very surprised that they could not get past the Change Auditor object protection

Enterprise Administrator, Large Retail Chain Read Case Study

AFV Beltrame Group

With Change Auditor, we achieved our goal of gaining complete and centralized visibility of security audit operations across the entire Group— including not just our on-premises Windows file servers and domain controllers but also our Office 365 services, such as mail, SharePoint Online and OneDrive for Business

Mirco Destro CIO and IT Manager, AFV Beltrame Group Read Case Study

Region Halland

Previously, investigating an issue could easily take an hour. Change Auditor cuts that time to just 5–10 minutes.

Dennis Persson IT Systems Technician, Region Halland Read Case Study

Stevie Awards 2018 People’s Choice winner

In the 2018 Stevie Award’s People Choice awards, Change Auditor was voted best software and also won a Silver Stevie for best new product of 2018

Get Started Now

Experience real-time Microsoft Windows security & IT auditing.