Hello. My name is Neil Belfour, and I'm one of the solution engineers here with Quest. And today, I'm going to demo Change Auditor for SQL. Change Auditor is an auditor framework application within our portfolio, but today we're going to focus on the SQL module.
Change Auditor is a Microsoft SQL back-ended application. It is also an agent-based application, so you would have to deploy an agent to each individual SQL server. Once the agents are deployed, you configure what you want to audit within the application.
When you go to configure Change Auditor for SQL, there are two levels of SQL that we're auditing. We're auditing SQL at the server level. We're also auditing at the data level. So, inside the database itself.
From a server level, we're auditing when log ons would be created, when databases would be created, dropped. Anything along those lines. The data level auditing is going inside the database itself.
There are multiple consoles within Change Auditor. What you're looking at right now is the thick console for the application. You could have the thick console installed in as many locations as you want.
There are also two web consoles to view this information. There is a configuration console, very similar to the thick console that is web based. And there is also an IT Security Search console, which is very similar to Google search for your Change Auditor, and you would be able to do keyword searches.
But going back to the thick console, the Start screen is where it all begins. The overview is kind of like the real time sports ticker. You would see your top agent activity, as well as your agent status, and all events that have happened within the past few minutes, and you could always do a manual refresh on this.
To see specific events associated with today's topic of SQL, you can go into the Search field. The Search field includes all of the searches/reports that come inclusive with Change Auditor. There were about 600 that are built in, and they vary upon multiple categories.
There are also shared searches for other members of your team, and as well as private searches, and you could easily see here which ones are enabled for alerts, which ones are enabled for reports. I already have an existing report set up here for all SQL events, and now you would notice this is what a report would look like within Change Auditor, and it's exportable to a variety of formats. And I can highlight any of these specific events, and now we get very big into the who, where, when origin of this.
In this case, we can easily see that inside of a database, ARS sync [? 7, ?] that an index was removed from a table. Well, what was that index that was removed from the table? Index [? UKey ?] connect with this variable number removed from table DBO.connections. That's being done at the database level standpoint-- the data level.
We can also see that an object was renamed. If I wanted to drop it down and target specific type of events, we can easily do that. If I wanted to pull up which database was created, I can easily see the details to that, and the database forest recovery persistence was created, by who, where, when, and the origin.
Once again, this was Change Auditor for SQL. So that concludes this demo today. For more information, feel free to visit the Change Auditor URL listed on the screen. Thank you.
04:06
