Presentation is loading. Please wait.

Presentation is loading. Please wait.

Change Auditing Software

Published byScot Carr Modified over 8 years ago

Similar presentations

Presentation on theme: "Change Auditing Software"— Presentation transcript:

1 Change Auditing Software
Review of Netwrix Change Auditing Software I am going to give you a brief review Netwrix, a change auditing software we have been using for about a year and half.

2 Netwrix Auditor What is it?
It is a change and configuration auditing software. Ability to automatically track configuration changes to: Active Directory Microsoft Exchange Windows Servers Group Policy File servers Microsoft SQL Server SharePoint VMware Ability to track file changes Files on file servers NetApp Filer EMC Storage Netwrix a change and configuration auditing software. It has the ability to track configuration changes to several critical components that make up your IT infrastructure including: It also has the ability to track changes to files, folders, and shares on: SharePoint Windows file servers NetApp Filer And EMC Storage

3 Netwrix Auditor What is it? Other tools included:
User Activity Recording Inactive User Tracking Password Expiration Alerting It also includes some other tools for tracking changes: User Activity Recording – useful for tracking changes in applications that are not recorded in logs – acts like a screen recorder – You can choose which servers and even which applications are recorded Besides auditing changes Netwrix includes some other useful tools Inactive user Tracking – with Inactive user tracking you can automatically reset passwords of inactive accounts, move to a different OU, or delete accounts. Password Expiration Alerting – enables you notify users or managers of passwords that are nearing expiration.

4 Netwrix Auditor Why? Meet compliance requirements for auditors
What changed When was it changed Who changed it Peace of mind Receive immediate notifications of critical changes Ability to trace changes made Rollback capability Netwrix gives the ability to easily rollback changes to Active Directory Files changes can also be rolled back if your have volume shad copy enabled. Auditors wanted us to be able to track what changes were made, by who, and when. Besides making the auditors happy, It brought peace of mind knowing we would know if any changes were made to any of our servers. Ask yourself, How long would it take you to know if someone had gotten into your system and created an account with domain administrator privileges? Also, have you had a user tell you someone changed or deleted their file? It’s nice knowing you can track down who changed the file. Netrix has the a tool that allows easy rollback of changes made to Active Directory, it can also rollback file changes if you enable volume shadow copy (we have not).

5 Netwrix Auditor How? Purchase the components you need. License based on number of users. Netwrix Auditor for Active Directory Active Directory configuration, Group Policies, password expirations and inactive users Netwrix Auditor for Exchange Exchange configuration, mailboxes, permissions and mailbox access Netwrix Auditor for File Servers Permissions and access on Windows, EMC Storage and NetApp Filers Netwrix Auditor for SharePoint SharePoint farm configurations, security and content Netwrix Auditor for SQL Server SQL configurations and security Netwrix Auditor for VMware VMware vSphere and ESX configuration Netwrix Auditor for Windows Server Windows configuration, registry, services, and more, including user activity video recording Netwrix for Active Directory includes Group Policy tracking and the password expiration and inactive users tool. We purchased: The pieces for AD (which includes Group Policy), Exchange, Windows Servers, and File Servers Our total cost (which they had discounted) was $2,500 (for one year) Maintenance renewal was $625

6 Netwrix Auditor How? Hardware/Software requirements:
Windows 7 or 2008 or later (we are running Windows 7) 8 GB RAM (we have 16GB) Intel Core 2 Duo 2x 64bit, 3GHz (ours is a corei5 3.2GHz) 500MB for install 1GB for audit archive 500MB for SQL Server DB (we are using an existing SQL 2012 server) Hardware and software requirements are minimal. We have it installed on a desktop computer that also runs Shavlik (our patch management software) and Dameware (our remote management software).

7 Our Experience with Netwrix
Netwrix Auditor Our Experience with Netwrix We are using the following components: Auditor for Active Directory Auditor for Group Policy Auditor for Exchange Auditor for Windows Auditor for File Servers Total cost (based on 205 AD users) $2,500 Annual maintenance $625 We purchased: The pieces for AD (which includes Group Policy), Exchange, Windows Servers, and File Servers. We don’t own Vmware or EMC/Netfiler Our total cost (which they had discounted) was $2,500 (for one year) Maintenance renewal was $625

8 Netwrix Auditor At a glance The interface
Netwrix Auditor runs in a Microsoft Management Console, so it can only be viewed on the server hosting Netwrix. It integrates SQL Reporting Services for displaying and configuring dashboards and reports. It isn’t the most intuitive interface but it is fairly straightforward.

9 Netwrix Auditor At a glance Configuration
Configuration is pretty straightforward. All the different components are listed under Managed Objects Under each Managed Object are settings that are set for each one. The software will automatically check, and in many cases, configure the log settings on each server as you go through the setup.

10 Netwrix Auditor At a glance Reports
All of the reports are available by expanding the trees. There are enterprise wide reports and reports by each module This is an example of the report generation interface And this is an example of the report

11 Netwrix Auditor At a glance It has a subscription feature
Besides running the reports Ad-Hoc, you can also subscribe to specific reports and have them delivered to whomever you want on a schedule you determine.

12 Netwrix Auditor At a glance Example – Daily Email Summaries
By default the Netwrix is configured to send you daily summaries for each module containing the changes from the previous day.

13 Netwrix Auditor At a glance
Real-time Alerts and ability to create your own In addition to the Ad-Hoc reports, report subscriptions and daily summaries Netwrix Auditor for Active Directory also has the ability to provide Real-time alerts. Several are pre-configured but you can also create your own.

14 Netwrix Auditor At a glance Example – Alert Email Notification
Here is an example of an alert

15 Our Experience with Netwrix- the Good
Netwrix Auditor Our Experience with Netwrix- the Good Ability to drill down on dashboards Ok, here is what we Like about Netwrix There are several Dashboard built into the Netwrix interface. There is an Enterprise Dashboard and then one for each module. What I really appreciate is that allows you to drill down into the detail.

16 Our Experience with Netwrix- the Good
Netwrix Auditor Our Experience with Netwrix- the Good Tons of Pre-built Reports >200 The ability to run reports across modules Other useful reports There are a ton of pre-built reports. Netwrix claims there are more than 200. I also like the ability to run reports across module. For example this one show me all the changes John Peebles made in both AD and on the file server. And in addition to reports on configuration changes they include other useful reports like these.

17 Our Experience with Netwrix- the Good
Netwrix Auditor Our Experience with Netwrix- the Good Real-time Alerts and ability to create your own I know I already showed this slide, but this is definitely one of my favorite features. I love to be able to receive real-time alerts about specific kinds of changes. Not just because I’m a little paranoid but it can be a useful tool as well. For example, if you have one person responsible for adding a person to an AD group and a different person responsible for setting them up in an application, you can setup and alert that notifies that person when someone is added to an AD group whose members must also have access to the application.

18 Our Experience with Netwrix- the Bad
Netwrix Auditor Our Experience with Netwrix- the Bad Lots of information generated from normal server processes can be a bit overwhelming. Ok that was the Good, let’s talk about the Bad The daily summaries and reports can contain a lot of noise, many servers have changes they make on their own automatically and these changes show up in the reports. The do have a method for excluding specific actions but this exclusions have to be put in one or more of its exclusion configuration files and has to be formatted just right which is not particularly easy to do.

19 Our Experience with Netwrix- the Bad
Netwrix Auditor Our Experience with Netwrix- the Bad Report creation does not have the most intuitive interface The report creation doesn’t give you any examples or drop downs for constructing the filters so if you are unfamiliar with SSRS creating the filter can be a little difficult at first.

20 Buy Questions? Netwrix Auditor Conclusion Buy, Try, or Don’t Buy?
The software definitely does what it is supposed to do and then some. It has its quirks but overall it gets the job done and then some Questions?

Download ppt "Change Auditing Software"

Similar presentations

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.
OVERVIEW TEAM5 SOFTWARE The TEAM5 software manages personnel and test data for personal ESD grounding devices. Test and personnel data may be viewed/reported.

OVERVIEW TEAM5 SOFTWARE The TEAM5 software manages personnel and test data for personal ESD grounding devices. Test and personnel data may be viewed/reported.
Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in 2009. Acceleratio specializes in developing high-quality enterprise.

Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in Acceleratio specializes in developing high-quality enterprise.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.

Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.
Patch Management Module 13. Module 2-421 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.

Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.
ManageEngine ADSolutions Identity and Access Management Auditing & Reporting for Compliance.

ManageEngine ADSolutions Identity and Access Management Auditing & Reporting for Compliance.
Xerox ® ConnectKey™ for SharePoint ® Simple, Smart and Flexible Workflows BR4266 SO1PA-13UA.

Xerox ® ConnectKey™ for SharePoint ® Simple, Smart and Flexible Workflows BR4266 SO1PA-13UA.
Avaya Contact Center Control Manager. © 2010 Avaya Inc. All rights reserved. What if you could… 1 Requires purchase of additional connectors  Enable.

Avaya Contact Center Control Manager. © 2010 Avaya Inc. All rights reserved. What if you could… 1 Requires purchase of additional connectors  Enable.
1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer.

1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer.
Www.kriptonsolutions.com. Agenda Current Situation Current Problems Why Ekran System Ekran System Features Architecture Q & A.

Agenda Current Situation Current Problems Why Ekran System Ekran System Features Architecture Q & A.
Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in 2009. We create innovative software solutions for SharePoint,

Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in We create innovative software solutions for SharePoint,
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.

IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.

Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security Strategy Brought to You by.

Presenter: Nick Cavalancia Auditing Evangelist 3 Ways Auditing Needs to be a Part of Your Security Strategy Brought to You by.
1 Secure Email Services. 2 Secure Email is a hosted application that provides users with enterprise-grade business features including calendaring, contacts.

1 Secure Services. 2 Secure is a hosted application that provides users with enterprise-grade business features including calendaring, contacts.
© 2010 VMware Inc. All rights reserved Patch Management Module 13.

© 2010 VMware Inc. All rights reserved Patch Management Module 13.

Similar presentations

Ads by Google