Active Directory Auditing and Reporting
Reports from Archived data:
As enterprises grow in size and regulatory bodies enforce stricter compliance practices upon them, archiving and the ability to track changes by regenerating archived data become a necessity rather than a choice.
Some of the regulatory acts require business data to be retained for 3 to 10 years. Imagine the difficulty involved in reproducing the data as it was some 7 or 8 years ago, especially with native archive methods not designed for such needs. This calls for archiving audit data in a format that commonly used systems can easily understand when the data is reproduced.
Need for Archiving:
The need for archiving does not stop with compliance. Archived data is very important for organizations in order to:
The following paragraphs highlight the challenges of native archiving and regeneration methods. Each challenge is followed by the desired alternative. ADAudit Plus is an amalgamation of all that is desired in archiving.
AD change data is stored in the security log of Domain Controllers, which is limited to a maximum of 4 GB in size. Also, log management options like ‘Overwrite events as needed’ and ‘Do not overwrite’ prevent storage of events for longer periods of time.
This makes it necessary to schedule the transfer of excess logs to secondary storage.
The entire journal of activities logged in the security logs of Domain Controllers might not be useful, considering the space required to store such large volumes of log data.
Experts advise filtering out the clutter and archiving only the information that is relevant to track for an operational, security or compliance need. This greatly reduces the archive data storage requirements.
While archiving, files are compressed so that they consume optimal space. During the compression process, event headers are tagged along with their respective event data in binary format.
The binary format is not conducive to regeneration of archived audit data, because rebuilding the data after a long period of time becomes impossible.
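One way to do the filtered, text-format archiving described above with native tooling, as an added example that is not ADAudit Plus code. The event IDs, the archive path and the 24-hour window are assumptions chosen for illustration.

```powershell
# Added example: archive only selected AD change events in a text format.
# Assumptions: event IDs, archive path and time window are illustrative,
# not values taken from ADAudit Plus.
$ArchiveRoot = 'D:\AuditArchive'     # hypothetical secondary storage path
$End   = Get-Date
$Start = $End.AddDays(-1)            # run daily; each run covers the last 24 hours

# Security event IDs kept for change tracking (illustrative subset)
$KeepIds = @(
    4720, 4726, 4738   # user account created / deleted / changed
    4741, 4742         # computer account created / changed
    4728, 4729         # member added to / removed from a global security group
    4739               # domain policy changed
    5136               # directory service object modified
)

$filter = @{ LogName = 'Security'; Id = $KeepIds; StartTime = $Start; EndTime = $End }
# Get-WinEvent raises an error when nothing matches, so treat that as "no events"
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No matching events between $Start and $End; nothing archived."
    return
}

New-Item -ItemType Directory -Path $ArchiveRoot -Force | Out-Null
$stamp = $End.ToString('yyyyMMdd-HHmmss')
$csv   = Join-Path $ArchiveRoot "ad-changes-$stamp.csv"

# Keep the header fields as columns and the full event as XML text, so the
# archive stays readable without the original binary log format.
$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, MachineName, RecordId,
        @{ Name = 'EventXml'; Expression = { $_.ToXml() } } |
    Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8

# Record a hash of the uncompressed file so later restores can be verified
$hash = (Get-FileHash -Path $csv -Algorithm SHA256).Hash
Compress-Archive -Path $csv -DestinationPath "$csv.zip" -Force
Remove-Item -Path $csv
"$stamp,$($events.Count),$hash" | Add-Content -Path (Join-Path $ArchiveRoot 'manifest.csv')
```

Reading the Security log requires administrative or Event Log Readers rights on the Domain Controller, and the script is meant to be run on a schedule that matches its time window.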
Regeneration of archive data, the ADAudit Plus advantage:
ADAudit Plus advantages that help in the regeneration of archived data include:
Historical Reports by Regeneration of Archived Data:
Apart from helping organizations store the desired archive data, ADAudit Plus can also use that data to produce reports for any user-defined time period. This simplifies the otherwise cumbersome process of storing audit data and re-creating reports from it.
Any audit log data used for reporting can be cleared from the ADAudit Plus database and archived. The clearing is based on audit categories and category-specific schedules defined by users.
Audit Categories in ADAudit Plus that assist in the restoration of processed audit data for Historical Reporting:
Account Logon, Account Creation, User Modification, Computer Modification, Group Modification, Domain Policy Changes, OU Management, GPO Management and Local Logon-Logoff.
This archived data can be easily restored and used by the ADAudit Plus application for “custom reporting”, where users determine the reporting period. With this restored data, custom reporting for any older date is always possible in ADAudit Plus.
Such custom reports play a vital role in forensics, security, and compliance auditing.
What is different about the archive process of ADAudit Plus?