
Prerequisites

Ensure that the following settings and components are configured before deploying ADAudit Plus.

Configuring audit policies and object-level auditing

Audit policy settings specify the categories of security-related events that you want to audit. Advanced audit policy settings give administrators granular control over which activities are recorded in the logs, which helps reduce event noise.

Object-level auditing settings (referred to as the system access control list [SACL] in this document) log attempts to access a secured object.

Audit policies or advanced audit policies (recommended for computers running Windows 7, Windows Server 2008, and later) must be configured for computers, while object-level auditing must be configured for secured objects to ensure that security-related events get logged whenever any relevant activity occurs.

Note: The required audit policy and object-level auditing settings can be configured automatically via the ADAudit Plus console, by following the steps found under the Automatic configuration section in each of the links found below.

To audit Active Directory:

  1. Configure the Default Domain Controller policy.
  2. Configure object-level auditing.

To audit Windows file servers:

  1. Configure audit policies for the Windows file servers that need to be audited.
  2. Configure object-level auditing for the shares that need to be audited.

To audit Windows member servers:

  1. Configure audit policies for the Windows servers that need to be audited.

To audit Windows workstations:

  1. Configure audit policies for the Windows workstations that need to be audited.

To audit NetApp Filers:

  1. Configure audit policies and SACLs for the NetApp Filers that need to be audited.

To audit NetApp clusters:

  1. Configure audit policies and SACLs for the NetApp clusters that need to be audited.

To audit EMC servers:

  1. Configure audit policies and SACLs for the EMC servers that need to be audited.

To audit EMC Isilon:

  1. Configure audit policies and SACLs for the EMC Isilon nodes that need to be audited.

To enable File Integrity Monitoring (FIM):

  1. Configure audit policies for the domain controllers, Windows servers, and Windows workstations on which file integrity needs to be monitored.
  2. Configure object-level auditing for the shares that need to be audited.

To audit Group Policy Objects (GPOs):

  1. Configure the Default Domain Controller policy.
  2. Configure object-level auditing.

To audit removable storage devices:

  1. Configure audit policies for the domain controllers, Windows servers, and Windows workstations on which removable storage activity needs to be audited.

To audit Windows PowerShell:

  1. Configure audit policies for the domain controllers, Windows servers, and Windows workstations on which PowerShell activity needs to be audited.

To audit Active Directory Federation Service (AD FS):

  1. Configure audit policies for the domain controllers and Windows servers on which AD FS activity needs to be audited.

Configuring security log size and retention settings

Security log size and retention settings must be configured to prevent loss of audit data due to overwriting of events.

Follow these recommendations to configure appropriate security log settings.
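
A read-only way to confirm the audit policy, SACL and Security log prerequisites on a single Windows computer, as an added example that is not part of the ADAudit Plus documentation. It assumes an elevated session and English-language auditpol output; the subcategory list, share path and minimum log size are placeholders to replace with the values from the configuration guides.

```powershell
# Added example (not ADAudit Plus code). Read-only; run elevated on the audited computer.
# ASSUMPTIONS: English auditpol output; $Required, $SharePath and $MinLogSizeMB are
# placeholders to replace with the values from the configuration guides.
param(
    [hashtable]$Required = @{              # subcategory -> setting that must be enabled
        'Directory Service Changes' = 'Success'
        'User Account Management'   = 'Success'
        'File System'               = 'Success'
    },
    [string]$SharePath    = 'D:\Shares\Finance',  # hypothetical audited share
    [int]$MinLogSizeMB    = 1024                  # hypothetical minimum size
)

# 1. Effective advanced audit policy. /r emits CSV; drop blank lines before parsing.
$policy = auditpol /get /category:* /r | Where-Object { $_.Trim() } | ConvertFrom-Csv
foreach ($name in $Required.Keys) {
    $row     = $policy | Where-Object { $_.Subcategory -eq $name }
    $current = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
    [pscustomobject]@{
        Check   = "Audit policy: $name"
        Current = $current
        # 'Success and Failure' satisfies a requirement of 'Success' or 'Failure'.
        OK      = $current -like "*$($Required[$name])*"
    }
}

# 2. Object-level auditing: access events are logged only where the SACL has entries.
if (Test-Path -LiteralPath $SharePath) {
    $rules = @((Get-Acl -LiteralPath $SharePath -Audit).Audit)
    [pscustomobject]@{
        Check   = "SACL on $SharePath"
        Current = ($rules | ForEach-Object {
            "$($_.IdentityReference): $($_.FileSystemRights) [$($_.AuditFlags)]" }) -join '; '
        OK      = $rules.Count -gt 0
    }
}

# 3. Security log: a small log in Circular mode overwrites the oldest events first.
$log    = Get-WinEvent -ListLog Security
$sizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB)
[pscustomobject]@{
    Check   = 'Security log size and retention'
    Current = "$sizeMB MB maximum, mode $($log.LogMode)"
    OK      = $sizeMB -ge $MinLogSizeMB
}
```

Every output row carries Check, Current and OK, so piping the script's output through `Where-Object { -not $_.OK }` lists only the prerequisites that still need attention.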

Ports to be opened

Ports must be opened to allow exchange of data between computers.

Here is the list of default ports used by ADAudit Plus and the ports that should be opened on the destination computers.

Setting up a service account

After the Domain Admin credentials are entered, ADAudit Plus starts to audit activities.

If you do not want to provide Domain Admin credentials, follow these steps to set up a service account that has only the least privileges required for auditing your environment.
