Receive notification if a critical server is accessed during unusual hours, or when there's been an unusual number of login failures.
Receive notification when a machine is accessed for the first time, or a dormant user account becomes active.
Receive notification when there is an unusual (and possibly unauthorized) volume of user management activity.
Receive notification if there's been an attempt to exfiltrate or delete data.
Receive notification when there is an unusual process running on a machine.
See who did what, when, and where, along with other details surrounding each anomaly.
Configure ADAudit Plus to execute a predetermined action when an anomaly gets detected.
For example, a user who consistently accesses a critical server outside of business hours wouldn't trigger a false positive alert because that behavior is typical for that user. On the other hand, ADAudit Plus would instantly send an alert when that same user accesses that server at a time they've never accessed it before, even if that particular access falls within business hours.
Domain controller, member server, and workstation logs from across the Windows server environment are collected and processed.
Processed log data is used to create a baseline of normal logon, file, user management, and process activities specific to each user.
Incoming log data and baselines are compared to detect anomalies.
Security professionals are notified of anomalies in real time via email or SMS, and anomalies can be viewed as reports via the ADAudit Plus console.
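
The difference between a per-user baseline and a fixed business-hours rule, worked through on the scenario above. This is an added illustration, not ADAudit Plus code or its detection algorithm; the event tuples, user and server names, the hour-of-day model, the 09:00-17:59 business window and the one-hour tolerance are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

BUSINESS_HOURS = range(9, 18)  # assumed window, used only by the static rule

# Constructed history: (timestamp, user, server). jdoe always works late on DC01.
HISTORY = [
    ("2019-03-04T22:10:00", "jdoe", "DC01"),
    ("2019-03-05T23:02:00", "jdoe", "DC01"),
    ("2019-03-06T22:45:00", "jdoe", "DC01"),
    ("2019-03-07T22:20:00", "jdoe", "DC01"),
]

def hour_of(ts):
    return datetime.fromisoformat(ts).hour

def build_baseline(events):
    """Map (user, server) -> set of hours of day seen in past logons."""
    baseline = defaultdict(set)
    for ts, user, server in events:
        baseline[(user, server)].add(hour_of(ts))
    return baseline

def static_rule_alert(event):
    """Fixed rule: alert on any logon outside business hours."""
    return hour_of(event[0]) not in BUSINESS_HOURS

def baseline_alert(baseline, event, tolerance=1):
    """Alert when the logon hour is far from every hour this user has
    used on this server, or when the user has never accessed it."""
    ts, user, server = event
    seen = baseline.get((user, server))
    if not seen:
        return True  # first access to this machine by this user
    hour = hour_of(ts)
    # Circular distance so 23:00 and 00:00 count as one hour apart.
    return all(min((hour - h) % 24, (h - hour) % 24) > tolerance for h in seen)

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [
        ("2019-03-08T22:40:00", "jdoe", "DC01"),  # usual late logon
        ("2019-03-08T14:05:00", "jdoe", "DC01"),  # business hours, new for jdoe
        ("2019-03-08T10:00:00", "jdoe", "FS02"),  # machine never accessed before
    ]:
        print(event, "static:", static_rule_alert(event),
              "baseline:", baseline_alert(baseline, event))
```

The fixed rule alerts on the routine 22:40 logon and stays silent on the 14:05 one; the baseline does the opposite, which is the behavior the example above describes.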
© 2019 Zoho Corp. All rights reserved.