Quest Change Auditor Gains GDPR Support
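Earlier this year, in May, Change Auditor released a major version update, V7.0, marking a new milestone. Besides adding a number of new features, the biggest change was the release of Change Auditor Threat Detection. Paired with Change Auditor, this product makes it considerably more powerful: users no longer have to look for a needle in an ocean of audit records. It analyzes the records collected by the Change Auditor Agent with its built-in intelligence system and automatically identifies potential threats and alerts us. 倍力資訊 will cover it in a separate article, so we will not go into it further here.
V7.0 was only released in May, and a new version normally takes about three months to appear. However, the EU's GDPR also took effect in May, and for Change Auditor's large user base this is an issue they must pay attention to. As an auditing platform, Change Auditor heard what its users were asking for. GDPR support could not ship together with V7.0, but one quarter after GDPR took effect, and with user feedback from that period incorporated, V7.0.1 was released. With it, Change Auditor officially supports GDPR.
Version: V7.0.1
Release date: 2018.09.18
Let's look at what is new in Change Auditor V7.0.1.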
GDPR built-in reports
Yes: more than 190 built-in reports newly designed specifically for GDPR, which effectively help users comply with the GDPR.
SIEM tool integration improvements
QRadar and ArcSight are now supported, so you can integrate audit records into your single enterprise message platform.
Azure Active Directory auditing improvements
- Azure AD role events are consolidated into the "Azure Active Directory – Role" category
- The following role events were added
▪ Azure Active Directory - Role event
▪ Eligible member added to role
▪ Eligible member removed from role
▪ Role assigned to eligible member
▪ Role assigned to member
▪ Role removed from eligible member
▪ Role removed from member
- Several new searches were added
▪ Global Administrator role membership changes in the last 30 days
▪ Role membership changes in the last 30 days grouped by role
▪ Role membership changes in the last 30 days grouped by member
▪ All Azure Active Directory role events in the past 7 days.
- Group auditing improvements
- The following group events were added
▪ Member added to group
▪ Member removed from group
▪ Owner added to group
▪ Owner removed from group
- The following searches were added
▪ Group membership changes in the last 30 days grouped by group
▪ Group membership changes in the last 30 days grouped by member
▪ Group owner changes in the last 30 days grouped by group
▪ Group owner changes in the last 30 days grouped by owner
- Additional Azure AD fields
The following new fields are available for selection on the Layout page
Active Directory auditing improvements
- Unspecified accounts, groups, or computers can be searched for through AD dynamic object events
▪ Dynamic User Object Added
▪ Dynamic User Object Changed
▪ Dynamic User Object Removed
▪ Dynamic Group Object Added
▪ Dynamic Group Object Changed
▪ Dynamic Group Object Removed
▪ Dynamic Computer Object Added
▪ Dynamic Computer Object Changed
▪ Dynamic Computer Object Removed
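- The Domain Controller Configuration category is now renamed Configuration Monitoring
- The account display name is added to the What event description when the event is an account being added or deleted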
Additional platform support
▪ Active Roles v7.3
▪ Microsoft Exchange Server 2010 SP3 RU22
▪ Microsoft Exchange Server 2013 CU21
▪ Microsoft Exchange Server 2016 CU10
▪ NetApp 9.3
▪ GPOAdmin 5.12
▪ CEE 8.5.1 for EMC auditing
Email alert updates
When account-related events occur, alerts can be configured to notify the person concerned or their manager
Office 365 Exchange Online search improvements
Some parameters of command-line commands can now be used as filter criteria for search results
Miscellaneous enhancements and updates
- Added "no from-value" EMC auditing events; before updating the Agent, add the "no from-value" events to the following templates
▪ EMC File Access Rights Changed (no from-value)
▪ EMC File Ownership Changed (no from-value)
▪ EMC Folder Access Rights Changed (no from-value)
▪ EMC Folder Ownership Changed (no from-value)
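- The SQL auditing wizard now shows a prompt that the startup parameter "-T 1906" needs to be added
- Exchange mailbox protection now supports access from EWS or OWA clients
- The Agent installation log file path has changed to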
%ProgramFiles%\Quest\ChangeAuditor\Agent\Logs\ChangeAuditorAgentInstall.log.
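- The Agent's taskbar icon can display all installed and available Coordinator servers
- Help functionality added to the auditing template wizard
- Multi-forest search support
- The following searches can be run in the Windows Client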
- Coordinator configuration (SMTP, shared folder, and group membership)
- Purge and archive jobs
- Active Directory, AD Query, ADAM (AD LDS), Exchange, and group policy searches
- The following searches can be run in the Web Client
- Coordinator configuration (SMTP and group membership)
- Purge and archive jobs
- Active Directory, AD Query, ADAM (AD LDS), Exchange, and group policy searches