AD auditing

  • Last Post 24 October 2016
MHogenauer1 posted this 22 February 2006

All,

 

We're looking for a good tool to run an initial audit of our AD environment to establish a permission baseline.

We're looking at Quest software AD management suite and also another product from NetPro called security manager.

Does anyone have any experience with either of these products or can someone recommend a better solution?

Thanks in advance,

Mike

jfigueroa posted this 22 February 2006

We are looking at http://www.manakoa.com/products/ but we already have MOM

bdesmond posted this 17 August 2016

What are your requirements?

 



Thanks,

Brian Desmond

 

w – 312.625.1438 | c – 312.731.3132



 


kebabfest posted this 17 August 2016

We use manageedit. Dead easy to install, some good out of the box reporting, but you can also set up some decent in depth reports.


brians posted this 17 August 2016

Hi,

Try the products from Netwrix, I've used some of their free tools and they are great.

Regards, Brian.


On Aug 17, 2016, at 6:19 AM, Anthony Van den bossche <Anthony.VanDenBossche@xxxxxxxxxxxxxxxx> wrote:

Hi All,

I am looking into a good auditing tool for Active Directory Domain Services. At this moment our company offers SCOM ACS auditing for AD, capturing all events that are selected. Does anyone have any experience with ManageEngine or Varonis toolsets? Any suggestions are welcome. Thanks in advance!

Kind regards,

Anthony Van den bossche
System Engineer
Anthony.Vandenbossche@xxxxxxxxxxxxxxxx

Direct +32 (0)2 801 54 59

This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (+32 2 801 55 55) or by e-mail and delete the material from any computer. Please note that neither RealDolmen nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. RealDolmen is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time.

 

Anthony.Vandenbossche posted this 17 August 2016

Hi Brian,

 

Thanks for the prompt response. We are looking for an AD Auditing solution that can capture a number of selected events, across all Domain Controllers. What we do now is use SCOM collectors, a SQL database and reporting services for this purpose. For customers without SCOM/SQL Cluster/Reporting services, this is a “big” project to set up.

 

Main requirement is AD security event filtering, that can be searched through reactively. Another one is proactive mitigation of threats.

 



Kind regards,

 

Anthony Van den bossche


System Engineer


Anthony.Vandenbossche@xxxxxxxxxxxxxxxx



Direct

+32 (0)2 801 54 59


Mobile

+32 (0)476 83 80 23



g4ugm posted this 17 August 2016

A while ago I was tasked with setting up basic SIEM functionality to GPG13 (http://gpg13.com/) which I think would cover what you want. I first tried using SPLUNK as this was the recommended solution for the UK Public Sector networks. I failed miserably (don’t all laugh). I think I know where I went wrong at the time, but we had a third party web app that for some reason was trying to authenticate a local account against a domain controller and failing. The resulting log traffic kept blowing the SPLUNK licence limit and at the time I couldn’t figure out how to filter these events out. I think I now could…

I ended up using Solar Winds LEM which just about did the job. It was pretty easy to set up, providing you can create a VM to run it in. It did do a good job of alerting when something critical such as Domain Admins membership or Group Policy was changed, provided it was configured to do so. Database searching was not fast, but it was about 18 months ago so perhaps it's quicker now. It was one of the least expensive options. There is a free trial.

Dave Wade

mi6agent44 posted this 17 August 2016

We use Varonis and it’s fairly comprehensive.

 

Alerting, reporting and analytics/behavior modeling. The sticker price might be a hard sell though… 2 mil for 30k users.

 

The AD work View and sandbox is very useful for resolving perm issues and trying out de-provisioning routines.



 

Version 6.2 added GPO reporting as well…pretty sweet.

 

 

David Garland

AD/DNS/IPAM/Auditing

ITS Engineer III : Server Engineering

Technology Engineering Services (TES)

682.236.7602 (Office)

972.904.1772


richardjsimon posted this 17 August 2016

Replying to David…regarding Varonis.

 

Can we take this offline?  We have a proof of concept with them now for file services…and thinking of adding in AD.

 

Thanks.

 


Anthony.Vandenbossche posted this 18 August 2016

Hi All,

 

We will look into Netwrix as you guys implied. Varonis is also something that interests us, partly because of the “new” GPO capabilities. Solarwinds I did not know about and I asked internally whether we should pursue this path as well, but we will stick with Netwrix and Varonis.

 

@Richard: can I have some feedback of your POC? You can mail me at this address if you like. Thanks in advance!

 



Kind regards,

 

Anthony Van den bossche


System Engineer


Anthony.Vandenbossche@xxxxxxxxxxxxxxxx



Direct

+32 (0)2 801 54 59


Mobile

+32 (0)476 83 80 23



stevelane85 posted this 22 August 2016

Also check this active directory auditing solution: http://www.activedirectoryauditing.net/

richardjsimon posted this 09 September 2016

Coming back to Varonis again.  The confusion the vendor seems to introduce for us, is that Varonis can replace ATA.

 

My research indicates differently.

 

Thoughts on this?

 


bdesmond posted this 09 September 2016

ATA as in Advanced Threat Analytics or something else?

 



Thanks,

Brian Desmond

 

(w) 312.625.1438 | (c) 312.731.3132



 


gkirkpatrick posted this 10 September 2016

NetPro->Quest->Dell Change Auditor for AD is a good product.

 

-gil

 


rwf4 posted this 13 September 2016

Isn’t that NetPro->Quest->Dell->Francisco Partners and Elliott Management Change Auditor for AD?

 

Seriously, we have had it since the NetPro days and it is an outstanding solution. Highly recommended.

 

--bob

 


gkirkpatrick posted this 13 September 2016

:)

 

I can say with certainty that I am glad I didn’t have to go through the Dell Software unacquisition.

 

-g

 


VolkerE posted this 14 September 2016

Hi,

 

We implemented “BeyondTrust PowerBroker Auditor for Active Directory” at some customers and are happy with the solution and how easy it is to implement.

 

BR,

Volker

 



 


Anthony.Vandenbossche posted this 19 September 2016

Did you use it only for the AD Auditing capability or also the least-privilege capabilities? I requested a demo for this product and I’m eager to see what they have to show.

Tomorrow I have a Varonis workshop at Brussels etc. I will keep you all posted on the outcome of my search for the holy grail of AD auditing :)

 

PS: SCOM ACS and SQL reporting already provided a good means to do auditing, but it’s just that..

 



Kind regards,

 

Anthony Van den bossche


System Engineer


Anthony.Vandenbossche@xxxxxxxxxxxxxxxx



Direct

+32 (0)2 801 54 59



VolkerE posted this 20 September 2016

At the moment we just use the AD Auditing and alerting features.

We had to implement such a tool due to an external audit in the banking sector and they are happy now.

 

 

 


Anthony.Vandenbossche posted this 11 October 2016

Volker,

 

Do you have any ballpark figures on pricing for this product?

 




ANTHONY VAN DEN BOSSCHE


System Engineer


Hybrid Cloud



You can mail me

anthony.vandenbossche@xxxxxxxxxxxxxxxx


Call me at my UC number +32 2 801 54 59




jheaton posted this 11 October 2016

We use Netwrix for our auditing.  Good pricing, and good monitoring.  I get reports throughout the day of Active Directory changes.

 
