ADAudit Plus Training
About ADAudit Plus
This training is designed to equip users with the knowledge to work with ADAudit Plus. In this training, you will learn about the best practices that helps you get started with ADAudit Plus.
Course Agenda
Introduction
- Overview of ADAudit Plus
- How does ADAudit Plus work?
- Key Features
- Benefits
Getting Started
- Installing ADAudit Plus
- Working with ADAudit Plus
- Update Patch Database
- Basic configurations
- Configuring Domains and Domain Controllers
- Configuring Audit Policies
- Configuring SACLs (System Access Control Lists)
- Configuring File Servers
- Configuring Member Servers
- Configuring Workstations
- Configuring necessary privileges to collect audit data
Active Directory Auditing
- Account Logon auditing
- Logon/Logoff auditing
- AD user object auditing
- AD computer object auditing
- AD group object auditing
- AD OU auditing
- Permission change auditing
- GPO auditing
- Other AD object auditing - Containers/Contacts/DNS etc.,
Account Lockout Analyzer
- Analyze Windows Services/Schedule tasks
- Network Drive Mappings/logon sessions/Process list
- Analyze logon activity – DC and local
- OWA and ActiveSync analysis
- Radius server logins
File Server Auditing
- Auditing Windows File Servers
- Windows failover server clusters audit
- NetApp Filer auditing
- EMC storage auditing
- File integrity monitoring
Member Server Auditing
- Audit logon activity on Servers
- Track process activity
- Audit policy changes
- Monitor system events
- Account management on Servers
- Printer auditing
- ADFS auditing
- Removable storage auditing(USB)
- AD LDS auditing
Working with alerts
- Default alert profiles
- Create new alert profiles
- Alert notifications
- Alert audit filters
- Threshold based alerts
- User based alerts
- Business hour alerts
- Customizing alert messages
Advanced Configuration
- Working with Report Profiles
- Working with event rules
- Creating new rules, rule groups etc.,
- Global exclude configuration
Administration
- Alert me configuration
- Add Technician
- Add new roles for technicians
- Scheduling and emailing audit reports
- Creating custom reports
- Archiving events
- Searching archived events
- Generate reports from archived events
- Import old archived "evt/evtx" files
- SIEM integration
- Configuring mail server
