1. Active Directory auditing |
1.1 Logon auditing |
Provides information on both successful and failed logons. |
|
|
1.2 Account lockout analysis |
Notifies of a lockout along with information on the reason for the lockout. |
|
|
1.3 Object change audit |
Provides information on user, computer, group, and OU management actions. |
|
|
1.4 GPO change audit |
Provides information on GPO management actions and GPO settings changes. |
|
|
1.5 Permission change audit |
Provides information on changes to objects' permissions. |
|
|
1.6 Schema and configuration change audit |
Provides information on changes made to schema and objects inside the configuration containers such as sites. |
|
|
1.7 Replication auditing |
Provides information on AD replication status. |
|
|
1.8 Privileged user monitoring |
Provides information on all activities performed by privileged users in the domain. |
|
|
1.9 Before and after values of changes |
Provides information on the old and new values of changed attributes in the domain. |
|
|
1.10 User session recording |
Provides a video recording of user screen activity. |
|
|
|
2. Azure AD/Microsoft Entra ID auditing |
2.1 Logon auditing |
Provides information on all successful and failed logons. |
|
|
2.2 Risk Detection |
Provides insights into risky sign-in attempts. |
|
|
2.3 User and device change auditing |
Provides information on all user and device management actions. |
|
|
2.4 Group membership and role change auditing |
Provides information on membership changes to groups and dynamic groups, and the assignment and removal of roles to users. |
|
|
2.5 Application change auditing |
Provides information on applications that have been added, updated, and deleted, and consent given to APIs. |
|
|
|
3. File server auditing |
3.1 File/folder access audit |
Provides information on file/folder read, create, delete, and modify actions. |
|
|
3.2 File/folder permission change audit |
Provides information on file/folder DACL and SACL changes. |
|
|
3.3 File/folder failed attempts audit |
Provides information on failed attempts to read, write, and delete files/folders. |
|
|
3.4 Supported environments |
Windows, Windows failover cluster, NetApp, and EMC. |
+Synology, Hitachi, Huawei, Amazon FSx for Windows, QNAP, and Azure |
+Nutanix |
|
4. Windows server and workstation auditing |
4.1 Local user logon auditing |
Provides information on both successful and failed logons on local machines. |
|
|
4.2 Local object change audit |
Provides information on local user and group management actions. |
|
|
4.3 Local policy change audit |
Provides information on changes to local security policy. |
|
|
4.4 File integrity monitoring |
Provides information on new programs and modifications to executable files. |
|
|
4.5 AD Federation Service (AD FS) auditing |
Provides information on both successful and failed AD FS logons. |
|
|
4.6 LAPS auditing |
Provides information on who is viewing or modifying local admin credentials. |
|
|
4.7 User work hour tracking |
Provides information on employees' actual work hours (excluding idle time). |
|
|
4.8 Printer auditing |
Provides information on printer usage. |
|
|
4.9 PowerShell auditing |
Provides information on PowerShell processes that run in your environment along with the commands executed in them. |
|
|
4.10 AD Certificate Services (AD CS) auditing |
Provides information on certificate-related activities on your AD CS servers. |
|
|
4.11 Scheduled task and process auditing |
Provides information on scheduled tasks that have been created, deleted, or modified, and processes that have been started or stopped. |
|
|
|
5. Key functionalities |
5.1 Real-time auditing |
Allows tracking of security events in real-time. |
|
|
5.2 Real-time alerts |
Provides instant notifications of security events. |
|
|
5.3 User behavior analytics |
Allows detection of abnormal user behavior based on users' previous activity patterns. |
|
|
5.4 Video recording of user screen activity |
Allows capturing of user screen activity even if no logs are produced. |
|
|
5.5 Who, when, where, and what of changes |
Provides a complete user audit trail: who did what, when, and from where. |
|
|
5.6 Before and after values of changes |
Provides information on changed attribute values (before and after) of AD objects. |
|
|
5.7 Quick search |
Allows tracking down specifics quickly. |
|
|
5.8 Graphs |
Provides a visual representation of audit data. |
|
|
5.9 Prepackaged reports |
Provides audit data with one click. |
|
|
5.10 Report customization |
Allows creation of reports according to user needs. |
|
|
5.11 Compliance reports |
Provides prepackaged IT compliance reports for SOX, HIPAA, PCI, GLBA, and GDPR. |
|
|
5.12 Automated report generation |
Allows automatic generation of reports at user-defined time intervals. |
|
|
5.13 Automated report delivery |
Allows automatic emailing of reports to user-specified email addresses. |
|
|
5.14 Export of reports |
Allows the export of reports to multiple formats like PDF, XLS, CSV, and HTML. |
|
|
5.15 Alert delivery |
Allows email and SMS delivery of alerts. |
|
|
5.16 Alert thresholds |
Allows configuration of threshold-based alerts. |
|
|
5.17 Incident response |
Allows execution of a predetermined action when an alert gets triggered. |
|
|
5.18 Long-term log retention |
Allows long-term retention of audit data. |
|
|
5.19 SIEM integration |
Allows forwarding of audit data to SIEM solutions. |
|
|
5.20 Web-based console |
Allows access to the product over the web. |
|
|
5.21 Multiple domain auditing |
Allows configuration of multiple domains for auditing. |
|
|
5.22 Role-based access |
Allows role-based user access to the product. |
|
|
5.23 Architecture |
Offers both agentless and agent-based audit data collection. |
|
|
|
6. Evaluation and purchase |
6.1 Evaluation |
Provides online demo, free instant trial, and personalized demo. |
|
|
6.2 Ease of installation |
Does not require professional assistance to deploy the solution. |
|
|
6.3 Licensing and pricing |
|
- Licensed based on the number of domain controllers/file servers/Windows servers/Azure AD tenants.
- Pricing starts at $595 (annual subscription fee for 2 DCs).
|
- Licensed based on the number of user accounts*.
- Pricing information is not publicly available.
|