
ManageEngine ADManager Plus

Upload: job-hudson

Post on 14-Dec-2015






Page 1: ManageEngine ADManager Plus. AGENDA The aim of this presentation is to showcase: * how ADAudit Plus works. * how ADAudit Plus be configured to extract




The aim of this presentation is to showcase:

* how ADAudit Plus works.

* how ADAudit Plus can be configured to extract event data.

* how ADAudit Plus reports and alerts help in security and IT compliance.


What is Auditing?

Changes must be tracked, questioned and verified to ensure that an error-free change management practice is followed to improve the organization’s operations.

We name it Auditing.

The textbook definition for auditing reads:

Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

Auditing helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.


Why do we need to audit Active Directory?

Active Directory is the backbone infrastructure of any organization.

It acts as a centralized repository for all authentications, changes and management actions in a domain.

This means that every change or any event that occurs anywhere in your organization will be recorded in the Active Directory.

Ignoring this will result in:

1. Security breaches.
2. Government-imposed liabilities (non-conformance to compliance prerequisites).
3. Uncontrolled volumes of users, computers and other resources.
4. Added expenditures.


Relevance of ADAudit Plus

How do organizations audit Active Directory?

What are its limitations?

Manually read Windows Logs for security events.

Not practical considering the huge volumes of data, varied audit requirements and limited storage capabilities.

Using scripts and command-line tools. They are tedious, not effective and create a dependency on individuals with scripting knowledge.

Employing an auditing professional. Economically not the best choice one would consider, and there is a risk of data being compromised.


ADAudit Plus

What is it?

An auditing software for Active Directory, file server and member server, ADAudit Plus is capable of exposing the four dimensions of a change: “who” did “what”, from “where” and “when”.

What's on offer?

* Prepackaged reports.
* Configurable reports, alerts and notifications.
* Configurable object tracking.
* Member and file server auditing – inclusive of alerts & notifications.
* Terminal Services activity monitoring.
* User logon action tracking.


Compliance & ADAudit Plus

Every regulatory act asks for:

Access Controls to be respected.

Exclusive protection to be offered to file servers (IT storehouses of all data).

Any access breach to be notified.

A report of who is accessing what information and what they are doing with the storehouses (file servers, etc.).


ADManager Plus Vs ADAudit Plus

ADManager Plus: Fulfills all your Active Directory and Exchange management, reporting, and helpdesk delegation needs. The product also offers a “one-of-its-kind” service: “readymade” and “compliance-ready” reports to help you achieve IT compliance. 

ADAudit Plus: Active Directory auditing software, which captures and scrutinizes all the changes that happen in it. Covers the four dimensions of an event: “Who” effected “what” change, “when” and from “where” (which machine). 


How does ADAudit Plus work?

ADAudit Plus collects the information about a change from the EventLog of domain controllers, file servers and member servers. It then converts this into human-readable reports.

NOTE: ADAudit Plus collects only security events from EventLog.


ADAudit Plus's Provision

ADAudit Plus is designed to address all crucial reports on:

* User Logon
* Local Logon-Logoff
* Account Management
* User Management
* Group Management
* Computer Management
* Domain Policy Changes
* OU Management
* GPO Management
* File Changes

All these reports are mandated by several IT regulatory acts. User logon reports also include details about Terminal Services access.


ADAudit Plus Strength: Customized Reporting & Alerts

Have you ever watched those who watch The President? They scan every inch of an area! That's how it should be when it comes to organizational security or IT compliance.

ADAudit Plus offers a great deal of data extraction capabilities in the form of “Report Profile”. In plain terms, it is nothing but “Customized Reporting”.

What's Report Profile?

In a nutshell, this is your own “event extractor”, for there might be times when you will need more information than what ADAudit Plus prepackaged reports have to offer.


Report Profiles for extensive reporting

Imagine you need a report that shows modifications made to user accounts in a particular folder. In such cases, you can create your own reports.


Alerts & Alert Profiles

What good is an auditing software that cannot alert you about critical issues?!

ADAudit Plus offers a great deal of flexibility in alerts too. You can schedule alerts not only on prepackaged reports but also on your homemade reports! You can even have these alerts emailed!

NOTE: Critical events, such as adding a user account to an Admin group, can be included in a custom report and alerted on.


Scheduling Reports & Alerts

When you schedule a report or alert, set the update interval to what you think is best if you do not have an organizational policy for it. As always, highly critical report trackers or alerts should have a low update interval value, so that you get the most up-to-date information frequently.



Not everything you audit is worth auditing! Sometimes, you might be spending resources on auditing unwanted events. For example, the application might be tracking temporary files created whenever a resource accesses a file server. ADAudit Plus comes with built-in exclusions. All you need to do is configure them.



Excluding Safe But Exhausting Accounts from Monitoring

Sometimes certain activities need not be monitored. For example, service accounts create an avalanche of events, which are of no importance. If your organizational policy allows for excluding these, you can rely on ADAudit Plus's advanced configuration filters to exclude them from auditing.


Say you want to exclude duplicate events in file server auditing; you can do so with the help of “Advanced Configuration”.


Event Clean-Up: Archiving & Regeneration of Reports

Many IT regulatory acts demand that reports be maintained for a stipulated time period, which is sometimes as long as 7 or 10 years! Imagine storing data for that long and reproducing it without any hiccups! That's a challenge in itself.

However, ADAudit Plus comes with a built-in archiving system, which zips processed data and stores it in the location you prefer. ADAudit Plus readily regenerates this information in the form of reports as soon as the archived data is loaded back into the system!



What are the benefits of all this?

The first and foremost benefit of ADAudit Plus is that you will be alerted to anomalies early on and can prevent them from growing into a catastrophe.

Your organization stays compliant with IT regulatory acts such as HIPAA, SOX, etc., as ADAudit Plus also helps in File and Member server auditing, which are the storehouses for every organization.

ADAudit Plus's archival system allows for safekeeping of relevant business data, at once satisfying the retention policy of several IT regulatory acts.

Forensics: Problem identification becomes effortless with the solution offering you 4 different aspects of a change.