Features of ADAudit Plus

By use case

•   

  Windows logon auditing

  Continuously audit logon activity. Track everything from logon failures to logon history.

•   

  Account lockout analysis

  Receive alerts about lockouts, and find the root cause of lockouts from an extensive list of Windows components.

•   

  Employee work hours monitoring

  Continuously monitor active and idle time spent by employees at their workstations.

•   

  Windows server change notifier

  Get information on who did what change, when, and from where in your Windows Server environment.

•   

  Privileged user monitoring

  Audit use of privileges to hold admins and other privileged users accountable for their actions.

•   

  File change monitoring

  Track file accesses and permission changes in Windows, NetApp, EMC, Synology, Hitachi, and Huawei file systems.

•   

  Insider threat detection

  Leverage user behavior analytics to establish activity patterns and spot subtle anomalies that might be an indicator of compromise.

•  

  Ransomware detection

  Get instantly notified via email or SMS when there is a sudden spike in file accesses, and automatically shut down infected devices.

•   

  Compliance reporting

  Automate the generation and email delivery of over 250 prepackaged reports. Customize reports to suit your specific needs.

•   

  Remote desktop monitoring

  Track remote desktop connections as well as remote logons occurring via RDG servers and RADIUS Network Policy Servers.

•   

  Object change auditing

  Audit changes to users, computers, groups, OUs, GPOs, and other AD objects.

•   

  Permission change auditing

  Track changes to objects' permissions across your Windows Server environment.

•   

  GPO change auditing

  Monitor changes to Group Policy Objects (GPOs) and their settings, such as password policies, audit policies, etc.

•   

  Azure AD auditing

  Audit sign-ins and changes in Azure AD, and gain a correlated view of activity across hybrid environments.

•   

  File integrity monitoring

  Track access to the operating system (OS), software program, and other critical local files residing on Windows servers and workstations.

•   

  Removable storage auditing

  Monitor file activity in removable storage devices such as USBs across your Windows Server environment.

•   

  Printer auditing

  Keep tabs on the use of printers across your Windows Server environment.

•   

  AD FS auditing

  Track all authentication attempts recorded by federation servers.

•   

  LAPS auditing

  Monitor who is viewing or modifying local admin credentials in Microsoft's Local Administrator Password Solution.

•   

  Scheduled tasks and process auditing

  Audit scheduled tasks that have been created, deleted, or modified, and processes that have been started or stopped.

•   

  User-based consolidated audit trail

  Get a consolidated audit trail of activities carried out by any user in your Windows Server environment.

•   

  Long-term archive of log data

  Archive audit log data for as long as you want, and restore it as needed.

•   

  SIEM integration

  Maximize the potential of your SIEM tool by forwarding logs to Splunk, ArcSight, and Syslog servers.

•   

  PowerShell auditing

  Track PowerShell processes that run in your Windows Server environment along with the commands executed in them.