IT Security Search
Correlate disparate IT data into an interactive search engine
Seeing the un-seeable can be a challenge for IT. With billions of events to collect and review from a variety of sources, it’s difficult to find relevant data and make sense of it. And in the event of a security breach, either internal or external, the ability to locate where the breach originated and what was accessed can make a world of difference.
IT Security Search, a feature of several other Quest solutions, is an intelligent looking glass that uses simple, natural search language to help IT administrators and security teams perform fast security incident response and forensic analysis. The tool’s web-based interface correlates disparate IT data from numerous systems and devices into a single console and makes it easier than ever to:
- Reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos
- Speed security investigations and compliance audits with complete real-time visibility
- Troubleshoot widespread issues should an outage or security breach occur
Features
IT Security Search is a free solution available as part of several Quest solutions including Enterprise Reporter, Change Auditor, InTrust, Recovery Manager for AD, and Active Roles that pulls data and feeds it into a single pane of glass. From here, you can easily review and act upon all of the various activities in your environment.
State-based data
- Gain critical insights into user, computer and group information, direct and nested group memberships, OU and file/folder permissions, ownership and more with Enterprise Reporter. Empower IT teams to comprehensively understand their state of security.
- View virtual attributes, dynamic group members, temporal group members and managed units from Active Roles
Real-time security auditing
- Search real-time information about changes to critical objects and sensitive data, whether on premises or in the cloud, with Change Auditor.
- Supplement native audit details with the actual user who initiated a change to AD, even if it was initiated through Active Roles
Collect and archive logs
Gather native (Windows server, Unix/Linux, workstation and more) logs as well as third-party logs from across your diverse enterprise network with InTrust log management.
Compressed, indexed, online repository
Conduct full-text search on long-term event log data and other server data for compliance and security purposes with InTrust, saving time spent looking for events.
Object recovery
Discover which AD objects have changed, including before and after values, and restore them in a few clicks with Recovery Manager for AD.
Tour
Events
Files
Users
Contextual filters
Forensic incident response
Specifications
- Compatibility
The following versions of data-providing systems are supported in this version of IT Security Search:
- InTrust 11.3, 11.2
- Change Auditor 6.9.3, 6.9.2, 6.9.1, 6.9, 6.8, 6.7, 6.6, 6.5
- Enterprise Reporter 2.6, 2.5.1, 2.5
- Recovery Manager for Active Directory 8.8, 8.7.1, 8.7
- Active Roles 7.1, 7.0
- Software Requirements
- Operating system:
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
- Additional software:
- Microsoft .NET Framework 4.5.1 or later
- Microsoft Windows PowerShell 3.0 or later
Additional requirements for the Recovery Manager for Active Directory connector please refer to the IT Security Search Release Notes.
- Operating system:
- Browser Compatibility
The IT Security Search Web interface works correctly with the following browsers:
- Microsoft Edge
- Microsoft Internet Explorer 11 or later
- Google Chrome 40.0 or later
- Mozilla Firefox 35.0 or later
The minimum supported monitor resolution is 1024x768.
- Hardware Requirements
- CPU: Quad-core; recommended: Intel Xeon E5-2670 v2 (Ivy Bridge) and 8–16 logical CPU cores
- RAM: 6GB minimum; 15GB or more recommended
- Disk: 100GB (SSD recommended); disk space requirements are very dependent on the volume of Enterprise Reporter data being processed, because the index size varies proportionally; the indexes for Change Auditor and InTrust data do not consume any disk space on the IT Security Search computer, because they are located in the data stores used by these systems
- If you deploy on a virtual machine, make sure the CPU and memory requirements above are met, and do not overload the virtual machine host
To find out the disk requirements for IT Security Search installation please refer to the IT Security Search Release Notes.
Resources
Inside a Mock Breach Investigation
Inside a Mock Breach Investigation
5 Administrative Tasks Made Easy with IT Security Search
In this webcast, learn how to simplify and enhance Active Directory administration and security with IT Security Search.
- More Resources
- Events & Demos
Take the next step
Related Products
Enterprise Reporter
Simplify security compliance and reporting across your Windows-based enterprise
InTrust
Securely collect, store and receive event data from Windows, Unix and Linux systems
Recovery Manager for Active Directory
Reduce backup recovery time and costs to reduce user impact
Active Roles
Simplify the security of your Active Directory