Quest Change Auditor Gains GDPR Support


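Earlier this year, in May, Change Auditor released a major version update, V7.0, which marked a new milestone. Besides adding a number of new features, the biggest change was the introduction of Change Auditor Threat Detection. Paired with Change Auditor, this product spares users from searching for a needle in an ocean of audit records: it applies a built-in intelligent system to the records collected by the Change Auditor Agent, automatically identifies potential threats, and alerts us to them. 倍力資訊 will cover it in a separate article, so we will not go into further detail here.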

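V7.0 was released only in May, and a new version normally takes about three months to appear. However, the EU's GDPR also took effect in May, and for Change Auditor's many users this is an issue they must pay attention to. As an auditing platform, Change Auditor heard what its users were asking for. GDPR support could not be released together with V7.0, but after GDPR had been in effect for a quarter, user feedback from that period was incorporated and V7.0.1 was released. With this release, Change Auditor officially supports GDPR.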

Version: V7.0.1
Release date: 2018.09.18

Let's look at what is new in Change Auditor V7.0.1.

GDPR built-in reports
        Yes, more than 190 built-in reports newly designed specifically for GDPR, which effectively help users comply with the GDPR.

SIEM tool integration improvements
        Support for QRadar and ArcSight has been added, so you can integrate audit records into your enterprise's single information platform.

Azure Active Directory auditing improvements
  • Azure AD role events are consolidated into the "Azure Active Directory – Role" category
    • The following role events have been added
      ▪ Azure Active Directory - Role event
      ▪ Eligible member added to role
      ▪ Eligible member removed from role
      ▪ Role assigned to eligible member
      ▪ Role assigned to member
      ▪ Role removed from eligible member
      ▪ Role removed from member
    • Several built-in searches have been added
      ▪ Global Administrator role membership changes in the last 30 days
      ▪ Role membership changes in the last 30 days grouped by role
      ▪ Role membership changes in the last 30 days grouped by member
      ▪ All Azure Active Directory role events in the past 7 days.
  • Group auditing improvements
    • The following group events have been added
      ▪ Member added to group
      ▪ Member removed from group
      ▪ Owner added to group
      ▪ Owner removed from group
    • The following built-in searches have been added
      ▪ Group membership changes in the last 30 days grouped by group
      ▪ Group membership changes in the last 30 days grouped by member
      ▪ Group owner changes in the last 30 days grouped by group
      ▪ Group owner changes in the last 30 days grouped by owner
  • Additional Azure AD fields
    The following new fields have been added and can be selected on the Layout page

Active Directory auditing improvements
  • You can search for unspecified accounts, groups, or computers through AD dynamic object events
      ▪ Dynamic User Object Added
      ▪ Dynamic User Object Changed
      ▪ Dynamic User Object Removed
      ▪ Dynamic Group Object Added
      ▪ Dynamic Group Object Changed
      ▪ Dynamic Group Object Removed
      ▪ Dynamic Computer Object Added
      ▪ Dynamic Computer Object Changed
      ▪ Dynamic Computer Object Removed
  • The Domain Controller Configuration category has been renamed Configuration Monitoring
  • The account display name is added to the What event description when the event is an account creation or deletion

Additional platform support
        ▪ Active Roles v7.3
        ▪ Microsoft Exchange Server 2010 SP3 RU22
        ▪ Microsoft Exchange Server 2013 CU21
        ▪ Microsoft Exchange Server 2016 CU10
        ▪ NetApp 9.3
        ▪ GPOAdmin 5.12
        ▪ CEE 8.5.1 for EMC auditing

Email alert updates
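        When an account-related event occurs, an alert notification can be configured to go to the person concerned or to their manager.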

Office 365 Exchange Online search improvements
        Some parameters of command-line commands can now be used as filter criteria for search results.

Miscellaneous enhancements and updates
  • Added "no from-value" EMC auditing events; before updating the Agent, add the "no from-value" events to the following templates
      ▪ EMC File Access Rights Changed (no from-value)
      ▪ EMC File Ownership Changed (no from-value)
      ▪ EMC Folder Access Rights Changed (no from-value)
      ▪ EMC Folder Ownership Changed (no from-value)
  • The SQL auditing wizard now shows a prompt that the startup parameter -T 1906 needs to be added
  • Exchange mailbox protection now supports access from EWS or OWA clients
  • The Agent installation log file path has changed to

        %ProgramFiles%\Quest\ChangeAuditor\Agent\Logs\ChangeAuditorAgentInstall.log.
  • The Agent's taskbar icon can display all installed and available Coordinator servers
  • Help has been added to the auditing template wizard
  • Multi-forest search support
    • The following searches can be performed in the Windows Client
      - Coordinator configuration (SMTP, shared folder, and group membership)
      - Purge and archive jobs
      - Active Directory, AD Query, ADAM (AD LDS), Exchange, and group policy searches
    • The following searches can be performed in the Web Client
      - Coordinator configuration (SMTP and group membership)
      - Purge and archive jobs
      - Active Directory, AD Query, ADAM (AD LDS), Exchange, and group policy searches
