ADAudit Plus Release Notes



Build 7003 (September 2021)

Enhancement

  • Azure Active Directory (AD) can now be configured without configuring an on-premises AD domain.

Fixes

  • A few logon reports that were not moved to DataEngine in build 7000 have been moved.
  • Member name column has been added under Group Management reports.
  • Issue in PowerShell event parsing when script contains '\t' tab character has been fixed.
  • Azure throttle error has been handled.
  • Azure tenants that are not named onmicrosoft.com can also be configured now.
  • Issue in actor name parsing under Azure reports has been fixed.
  • Agent not communicating alert will now get suspended when a machine is deleted/disabled from AD or unconfigured from ADAudit Plus.

Build 7002 (August 2021)

Fixes

  • An SQL query exception in the Recently Enabled Users, Recently Disabled Users, and Recently Locked Out Users reports has been fixed.
  • An issue while applying the license caused due to the presence of multiple versions of a jar file has been fixed.
  • An issue in fetching events from NetApp, EMC, and Hitachi NAS servers has been fixed.

Build 7000 (August 2021)

Features

  • User logon reports are now stored in the DataEngine for faster search and reporting.

Enhancements

  • The ADAudit Plus agent can now connect with the server without using VPN over the internet by providing Fully Qualified Internet Hostname.
  • You can now configure network address translation (NAT) device settings from ADAudit Plus' UI. NAT devices are used in agent to server communication.
  • You can now receive email alerts when the disk space is low and when the product shuts down due to low disk space.
  • Member severs, workstations, and domain controllers are automatically configured into the product when the agent is installed on the target machine to minimize manual configuration (non-persistent VDI, Azure Virtual Desktop).
  • ADAudit Plus now supports the following remote and virtual desktop technologies through agent installation:
    1. Direct Access
    2. Persistent and non-persistent VDI
    3. Linked Clone and Full Clone VDI in VM
    4. Azure Virtual Desktop.
  • In Account Logon report under Profile-based reports, the chart type has been changed from vertical bar (3D) chart to a time series graph.

Fixes

  • In File Audit reports, an issue in exporting the Folder Audit Setting Changes (SACL) report along with sub-reports has been fixed.
  • A configuration has been added to automatically change the event fetch mode to real-time when the agent is installed manually.
  • An issue related to configuration file corruption in the agent when the system drive is out of disk space has been fixed.
  • High CPU utilization while excluding files or folders from File Audit/File Integrity Monitoring has been fixed.
  • A query exception that occurred while viewing the All Users Activities and User Activities reports when logged in as a technician with delegated control over an OU has been fixed.
  • 2k3 OS servers/Domain Controllers can now use WMI event fetch mode as legacy APIs are no longer supported with Windows' latest update.
  • An issue that prevented the Computer Startup and Shutdown report from showing the Shutdown process name has been fixed.
  • In reports, an issue while using underscore "_" in the search string has been fixed.
  • The issue of an empty line appearing in xls while exporting a report with sub-report has been fixed.
  • An issue with parent domain credentials getting rejected for printer auditing in a child domain has been fixed.
  • An issue in updating the last read event time in the UI while reading the audit files from NetApp Cluster devices has been fixed.

Build 6077 (July 2021)

Fixes

  • Issue in refreshing the Summary View on the Dashboard has been fixed.
  • Issue related to Azure event fetch getting stuck has been fixed.
  • Issue in fetching Isilon event data on machines running the product in Chinese has been fixed.
  • Issue in reading large number of files from Huawei OceanStor storage systems has been fixed.
  • An account takeover vulnerability (CVE-2021-37927) during SAML login, reported by HaYiCle from E-CQ has been fixed.

Build 6076 (June 2021)

Fixes

  • A startup issue that occurs on upgrading to Build 6075 has been fixed.
  • An issue that caused audited data to not be shown under Synology NAS reports has been fixed.

Build 6075 (June 2021)

Features

  • Advanced DNS Server auditing: Track DNS service status, scavenging activity, zone changes, record changes, configuration changes, and more.
  • AD Replication auditing: Monitor the start and end time of replication; track replication changes, failures, and more.

Enhancements

  • File Integrity Monitoring can now be implemented for workgroup servers added as member servers or workstations.
  • Day based Logon Errors report provides a summary of all logon failures every day.
  • Day based Logon Service report provides a summary of all logons daily.

Fixes

  • Issue in GPO Settings Changes report for Default Domain/Domain Controller Policies in case of multiple domains has been fixed.
  • User Rights Assignment Changes report no longer shows unchanged values.
  • Domain DNS name is now displayed for success events when two domains share the same flat name.
  • Old and new value columns are no longer blank while exporting Custom Reports for User Attribute New and Old Value report.
  • Issue in filter variables for Netlogon vulnerable Schannel Connection Audit report profile has been fixed in alerts.
  • In Reports, issue in Advanced Search while using special character "_" has been fixed.
  • In Schedule Reports, issue of wrong slash (/) in mail link has been fixed.

Build 6072 (May 2021)

Fixes

  • Issue with SAML authentication based single sign-on when User Principal Name is used has been fixed.
  • Issues in Azure AD reports arising due to errors in parsing of Azure event data have been fixed.

Build 6071 (April 2021)

Fix

  • Issue with event collection in RealTime mode has been fixed.

Build 6070 (March 2021)

Feature

  • Audit file accesses and permission changes across Huawei OceanStor storage systems. Follow the steps in this guide to configure Huawei OceanStor auditing with ADAudit Plus.

Enhancement

  • ADAudit Plus now uses digital code-signing to ensure the integrity of the software.

Build 6068 (February 2021)

Fix

  • Issue in processing of Azure event data collected via Microsoft Graph API has been fixed.

Build 6067 (February 2021)

Enhancement

  • Events in Azure AD can now be collected via the Microsoft Graph API, and users can choose to move to this mode from ADAudit Plus' UI.

Fix

  • A query exception in the User Work Hours report has been fixed.

Build 6066 (January 2021)

Enhancements

  • Work shift timings are taken into account while calculating User Work Hours, allowing for more accurate readings.
  • Client machine name and client IP address are shown (when accessed via share) under File Integrity Monitoring reports.
  • AlertMe notifications can now be sent as unzipped files.

Fixes

  • Issue in exporting aggregate reports for a custom period has been fixed.
  • Issue in saving scheduled reports as zip files when mail is configured has been fixed.
  • Issue in updating e-mail for alert profiles in bulk has been fixed.

Build 6062 (November 2020)

Features

  • All user activities can now be found in a single report, under Account Management.
  • Audit and report on the use of Netlogon vulnerable Schannel connection by Windows devices.

Build 6061 (October 2020)

Fixes

  • Minor bug fixes.

Build 6060 (October 2020)

Features

  • Single sign-on (SSO) to ADAudit Plus through NTLM or SAML authentication: Configure SSO to access ADAudit Plus using Okta, OneLogin, Ping Identity, Federation Servers, and other custom identity providers.
  • Hitachi NAS devices auditing: Audit file accesses and permission changes across Hitachi NAS devices.

Enhancements

  • Get more granular visibility into Azure Active Directory logon activity with newly added reports.
  • ADAudit Plus audit data can be forwarded to multiple Syslog/SIEM, Splunk, and ArcSight servers simultaneously.

Fixes

  • The ADAudit Plus agent can be deployed on file servers which have the Domain Controller role enabled.
  • Changes made to Custom Reports (matrix view) will get reflected when they are scheduled for delivery over email in the ZIP format.
  • Alert Me notifications will no longer be generated for file shares which have been unconfigured (i.e., configured and later removed) in the product.

Build 6058 (September 2020)

Fixes

  • Issue in agent based event collection has been fixed.

Build 6057 (August 2020)

Fixes

  • Issue in GPO Setting Changes report has been fixed.
  • Permission to access schedule reports and GPO setting values can now be granted to technicians.

Build 6056 (August 2020)

Fixes

  • Issue in User work Hours report has been fixed.

Build 6055 (July 2020)

Enhancements

  • Server to agent communication has been updated to happen over HTTP. This ensures that agent service, property, and configuration sync details can be viewed under the Manage Agent tab without any hassles.
  • Agent can now be managed from the Agent Settings tab located in the Admin page.
  • Cloud directory can now be configured using Multi-Factor Authentication (MFA) enabled accounts.

Fixes

  • Replication issue in High Availability set-up.
  • Stored XSS vulnerability in Business Hours and Technicians features.
  • Duplication issue in Analytics reports.
  • Issue in File Integrity Monitoring not working in systems running Japanese OS.
  • Issue with scheduled reports (saved in one-level folders) not getting deleted.
  • Issue with tabular columns in Time Series graph under Custom Reports not getting sorted.
  • Issue with Display Name column in Custom Reports for User Management.
  • Issue with privilege escalation alert getting triggered when a user exercises privileges over his own account (it will continue to get triggered when a user exercises privilege for the first time over any other account).

Build 6053 (May 2020)

Fixes

  • Vulnerability caused due to Apache Struts has been fixed (Apache Struts dependency has been removed from ADAudit Plus).

Build 6052 (May 2020)

Fixes

  • This release includes fixes for the unauthenticated change to integration system configuration vulnerability (CVE-2020-24786) reported by Florian Hauser.

Build 6050 (April 2020)

Feature

  • Azure AD password protection auditing — Track successful and failed password set and password change activities.

Enhancements

  • LDAP auditing now provides information on secure binds, unsecure binds, and binds which have been rejected because of errors.
  • Performance improvements have been made on the Analytics module to consume less system resources.
  • Shares configured for auditing will continue to get audited, even if their location is changed.
  • Search option has been added to help select reports, under Schedule Reports.
  • Multiple SMS recipients can be included in alert profiles.
  • Alert link URL for an alert profile can be customized.
  • The entire alert profile list as well as individual alert profiles can be exported.
  • Refresh and filter options have been added to Restore Archive Events.
  • Advanced GPO reports can be forwarded to any SIEM solution
  • Old and new values of OU-level and domain-level permission changes can be forwarded to ArcSight.

Fixes

  • Analytics alerts will no longer get duplicated and will display the correct domain name.
  • Program, Program(x86), and SystemRoot files will get configured by default, in File Integrity Monitoring.
  • Special characters will get parsed in Synology NAS auditing.
  • Under Alert Profile and Custom Reports filters, users and groups can be selected without any issues.
  • Special characters can be used in passwords when migrating database to MSSQL server.
  • Agent will collect data from a server even when only one among Server name, Server IP, or Server DNS is correct.
  • Under Alert me, failure events can be configured for cloud directory events.
  • Under User Created and Computer Created reports, changes to all User-Account-Control attribute values will get displayed.
  • Add To Dashboard option will not be visible to technicians who do not have the privilege to view the Dashboard (Home).
  • Under Archive Events, there will be no discrepancy between archive category size and audit data size.
  • Changes to firewall GPO settings will be audited.
  • Changes to security options settings (local security policies), newly added in 2012 R2, will be audited.
  • Login failures will no longer occur in the domain where ADAudit Plus is installed, when user name is used in the UPN format under Domain settings.
  • Technicians will no longer face login issues, when the domain flat name of configured AD and Azure AD domains is the same.
Copyright © 2022, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link