AD Auditor

Excessive access privileges, the growing number of devices with access to confidential data, and employees' ignorance of security policies can lead to significant data breaches. Not only do hackers attempt to steal data, but so do workers looking to sell valuable information to the competition.

The UTMStack AD Auditor is divided into three sections: Overview, AD Auditor, and Activity Tracker.

The goal of proper access rights management is to reduce the risk of both internal and external attacks. UTMStack AD Auditor helps IT staff distinguish between authentic and malicious access attempts by monitoring user activity, privileges, and permissions.

Overview

Provides an overview of the Active Directory.

This page displays a graphical view of the organization's Active Directory, divided into five tiers:

  1. Quick user info. It displays the number of:

Click on a number to display a detailed user list with the following fields:

| FIELD | DESCRIPTION |
|---|---|
| Name | The real name of that user in the system |
| Account | Account name |
| Member of | Group the user belongs to |
| Last logon | Last date the user logged into the system |
| Created at | The date the user account was created |
| Action | The following actions are available: view user events, download reports, or create a tracker over an object (add to tracking) |

Click on any field to open a pop-up window showing the timeline and details of the events. You can choose to track all the users simultaneously or generate reports. Time filtering allows you to set a custom date for the last logon time and the creation time.

This table describes the actions the user can execute.

| ACTION | DESCRIPTION |
|---|---|
| View user events | Displays user event details and a timeline with time filtering. |
| Download report | Allows creating two types of scheduled reports: events or details. You can set the desired time and frequency and add an email address. |
| Create tracker over an object | Allows the user to create or delete trackers over objects to see the related events by time and amount. The user can define the object type: user, group, computer, or object. It displays all-time events or filters by time. |

You can apply filters to narrow the search: Name, SAM account name, and Member of.

  2. Permission grants a user or group the right to perform a specific action. It displays the number of:

| FIELD | DESCRIPTION |
|---|---|
| Name | The real name of that user in the system |
| Start tracking | Starting date and time |
| Last event date | Last event date |
| Amount of events | Amount of events |
| Action | The following actions are performed: delete tracker over an object and download a report |

The user can also set a custom time range or apply commonly used filters such as the last 15 minutes, last hour, last seven days, last year, etc. It is also possible to filter by name, object type, and event count.

The tracking notification option can be configured to send notification emails or SMS.

  3. Charts

Hover over the lines to preview the exact date and time the events occurred. Each object is represented by a different line color.

  4. User's activity. This tier displays information about the user's activity:

The user can also set a custom range of time.

  5. Administrators with MORE INACTIVE DAYS. A table displays the following fields:

| FIELD | DESCRIPTION |
|---|---|
| Name | The real name of that user in the system |
| Account name | Account name |
| Last logon | Last date the user logged into the system |
| Member of | Group the user belongs to |
| Created | The date the user account was created |

The user can define the number of days.

Click on the account name to open a pop-up window showing the timeline and details of the events.
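The logic behind the inactive-administrator table can be checked independently of the console. The sketch below is an added example, not UTMStack code: it assumes account records exported from the directory with the `sAMAccountName`, `memberOf` and `lastLogonTimestamp` attributes and an assumed set of privileged groups, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# AD stores logon times as FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumed definition of "administrator": direct membership in one of these groups.
ADMIN_GROUPS = {"domain admins", "enterprise admins", "administrators"}

def filetime_to_dt(ticks):
    """Convert an AD FILETIME integer to an aware datetime; None if 0 or unset."""
    if not ticks:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def group_cn(dn):
    """Lower-cased CN of a group DN (naive split; escaped commas not handled)."""
    return dn.split(",", 1)[0].partition("=")[2].strip().lower()

def inactive_admins(accounts, days, now):
    """Return (account, idle_days) for admins idle at least `days` days.
    idle_days is None when no logon was ever recorded. Nested groups are not resolved."""
    cutoff = now - timedelta(days=days)
    rows = []
    for acc in accounts:
        if not ADMIN_GROUPS & {group_cn(g) for g in acc["memberOf"]}:
            continue  # not an administrator under the assumed definition
        last = filetime_to_dt(acc["lastLogonTimestamp"])
        if last is not None and last > cutoff:
            continue  # logged on recently enough
        rows.append((acc["sAMAccountName"], None if last is None else (now - last).days))
    # Never-used admin accounts first, then the longest idle.
    return sorted(rows, key=lambda r: (r[1] is not None, -(r[1] or 0)))

# Constructed sample records (not real directory data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_ft = lambda y, m, d: dt_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))
DA = "CN=Domain Admins,CN=Users,DC=example,DC=test"
SAMPLE = [
    {"sAMAccountName": "adm.alice", "memberOf": [DA], "lastLogonTimestamp": _ft(2024, 5, 28)},
    {"sAMAccountName": "adm.bob", "memberOf": [DA], "lastLogonTimestamp": _ft(2023, 11, 1)},
    {"sAMAccountName": "svc.backup", "lastLogonTimestamp": 0,
     "memberOf": ["CN=Administrators,CN=Builtin,DC=example,DC=test"]},
    {"sAMAccountName": "jdoe", "lastLogonTimestamp": _ft(2023, 1, 1),
     "memberOf": ["CN=Staff,OU=Groups,DC=example,DC=test"]},
]

if __name__ == "__main__":
    for name, idle in inactive_admins(SAMPLE, days=90, now=NOW):
        print(name, "never logged on" if idle is None else f"{idle} days idle")
```

An administrator account with no recorded logon sorts to the top because it has never been exercised and is easy to overlook in a list ordered by date alone.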

AD Auditor

  1. This section displays the Active Directory structure. It includes a search bar to find an object directly. Click on any object to see a full description, including:

| FIELD | DESCRIPTION |
|---|---|
| Name | The real name of that user in the system |
| SAM Account name | SAM account name |
| Disabled | Status: disabled or not |
| objectSID | Object security identifier |
| Object type | Object type: user, admin, etc. |
| Is admin | Admin or not |
| Created at | The date the user account was created |
| Last logon | Last date the user logged into the system |
| Location | Location |
| Account expires | Expire time |
| Events | Events timeline and description |

Besides the full description, the user can:

Activity Tracker

The UTMStack AD Auditor is divided into three sections: Overview, AD Auditor, and Activity Tracker. This chapter covers the operation of the Activity Tracker.

The tracking functions let you monitor the activity of specific objects and create exhaustive reports containing location, SID, name, last login, LDAP groups, and date of creation. The results are exported to PDF files.

The user can create or delete trackers over objects to see the related events by time and amount.

The results are displayed in a table with the following fields:

| FIELD | DESCRIPTION |
|---|---|
| Name | The real name of that user in the system |
| Start tracking | Starting date and time |
| Last event date | Last event date |
| Amount of events | Amount of events |
| Action | The following actions are performed: delete tracker over an object, and download a report |

You can sort the list in ascending or descending order.

A tracking notification option can be configured to send notification emails or SMS if something suspicious occurs.