Advanced Configuration File Server Audit

 

Advanced Configurations in ADAudit Plus allows a user to define one or more audit actions that needs to be reported. It facilitates filtering rules for a user to create new actions or modify any of the pre-configured actions. Filters help to define actions to suit his reporting need. This allows for granular reporting.

 

Default Audit Actions and Configuring New Actions

 

ADAudit Plus shows a list of pre-configured File Audit Actions. Pre-Configured File Audit Actions available to you are based on a detailed study we undertook on commonly used auditing actions in various environments. However, we understand actions configured and provided by us can vary and have hence provided options to edit existing  actions or create new audit actions.

 

Any New File Audit Action configured will be listed for selection under the File Audit Report Profile.

 

Pre-Configured Actions for File Audit in ADAudit Plus

  • File Deleted- 2k8

  • File Permission Modified

  • File Auditing Settings (SACL) Modified - 2k8

  • File Modified - 2k8

  • File Modified - Write Data - 2k3

  • File Read Access Denied

  • File Write Access Denied

  • File Delete Access Denied

  • Successful file / folder read access

  • File Deleted - 2k3

  • File Permission Modified - 2k3

To configure a New File Audit Action:

  1. Click on File Audit -->> Advanced Configurations (under Configuration) .

  2. Click on "New File Audit Action" link.

  3. Enter the "Action Name".

  4. Enter the "Description" for Action Name.

  5. Enter the "Rule Group Name".

  6. Create "Filter Rules".

  7. A Filter Rule is a combination of a Variable and a Value connected by a relational operator.

  8. The Variable and the Relational Operator can be selected from Drop Downs.

  9. Variables listed in the Drop Down correspond to "File Audit" category.

  10. Any Number of filter rules can be added to a Rule Group.

  11. To add a Filter Rule, click on the Plus Icon .

  12. To remove Filter Rule, click on the cross icon .

  13. A Rule Group is defined by one or more filter rules combined by a common logical operator (AND or OR ).

  14. Any Number of Rule Groups can be Added.

  15. Click on "Add Rule Group" button to add a New Rule Group.

  16. To delete a Rule Group use the "Delete Rule Group" Button.

  17. Click on Update to Save the configured Action with the Action Name Provided.

You can also use Advanced Correlations when configuring a File Audit Action.

 

Provide a Check against Advanced Correlations. This will allow you to include a Time value for events occurring within a given time limit.

Example : If events from same server matching above rule groups occur in interval of __________seconds with same "Select from Drop Down".

 

To Modify a File Audit Action:

  1. Click on File Audit -->> Advanced Configurations  .

  2. Click on Modify Icon  against the File Audit Action that needs to be modified.

  3. This allows to modify the selected File Audit Action.

To Copy a File Audit Action

  1. Click on File Audit -->> Advanced Configurations .

  2. Click on Copy Icon  against the File Audit Action that needs to be copied.

  3. A copy of the Action Selected is created with a Name "Copy of ****** ".

  4. To modify the copy Click on Modify Icon  

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link