快速入门

架构

架构

活动目录（Active Directory）

活动目录审核

概述
配置AD域和DC
- 自动配置
- 手动配置
配置审核策略
- 自动配置
- 手动配置
配置对象级审核
- 自动配置
- 手动配置
配置事件日志设置
故障排除

ADFS审计

组策略对象审核

Azure AD配置

概述
功能比较：Azure App与M365
在ADAudit Plus中配置Azure AD
- 使用Azure AD Premium许可证
- 使用Microsoft 365许可证
ADAudit Plus的报告功能
- ADAudit Plus与Azure门户
- ADAudit Plus与PowerShell cmdlet的比较
跟踪的事件类别
Azure AD中的日志保留设置
故障排除

Azure AD DS审核

AD CS审核

Windows服务器

Windows服务器审核

可移动存储审核

文件完整性监视

PowerShell审核指南

用户会话录制

概述和步骤

文件服务器

Windows文件服务器审核

EMC服务器审核

EMC Isilon审核

症状学审计

华为OceanStor审计

概述
华为OceanStor V5系列
华为OceanStor 9000 V5
华为OceanStor Dorado All-Flash Storage和OceanStor混合闪存（V6系列）
在ADAudit Plus中添加设备
排除配置
故障排除

NetApp文件管理器审核

NetApp群集审核

日立NAS审计

亚马逊FSx审计指南

QNAP NAS审核指南

Windows工作站审核

事件收集疑难解答

概述
错误和解决方案

迁移

安全

安全规范

安全性强化

安全性强化

产品配置

服务帐户配置

SSL配置

安全日志设置

安全日志设置

Agent配置

单一登录

NTLM身份验证
SAML身份验证

端口

产品和系统端口

2FA配置

虚拟IP地址设置

虚拟IP地址设置

高可用性配置

Configure object-level auditing - Manual configuration

Using Windows shares

Right-click on the share folder that you want to audit, select Properties, and then click on the Security tab → Select Advanced, and then click on the Auditing tab → For the Everyone group, add the following entries:

	Principal	Type	Access	Applies To
File/folder changes	Everyone	Success, Failure	Create files / Write Data Create folders / Append data Write attributes Write extended attributes Delete sub folders and files Delete	This Folder, sub folders, and files
Folder permission and owner changes	Everyone	Success, Failure	Take ownership Change permissions	This Folder and sub folders
File read	Everyone	Success, Failure	List folder / Read data	Files only
Folder read failure	Everyone	Failure	List folder / Read data	This Folder and sub folders

Using PowerShell cmdlets

Go to the <installation directory>\bin folder within the PowerShell command prompt → Type in ADAP-Set-SACL.ps1 → Follow the steps to apply object-level auditing to shares on the file server.

Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (file server auditing [FA] or file integrity monitoring [FIM]) of all the folders that you need to enable auditing for.
The CSV file should contain the list of folders in the following format: <folder>,<type>

Example:
\\SERVERNAME\folder,FA
C:\test folder,FA
E:\test folder,FIM
\\SERVERNAME\c$\folder,FIM
Once you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt.

Type in:
.\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where

parameter	input variable	mandatory
-file	name of the CSV file containing the list of shared folders	yes
-mode	add - sets the object-level auditing settings (or) remove - removes the object-level auditing settings	yes
-recurse	true - Replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the chosen folder. (or) false - Apply object-level auditing settings only to the chosen folder Note: By default, the -recurse parameter is set to false	no
-username	DOMAIN_NAME\username of the user with privilege over the file or folder to set the object-level auditing settings. (No cross-domain support)	no

Note: When removing object-level auditing for a set of folders, the -type parameter is not mandatory.

For example:

To set object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add
To replace all sub-folder object-level auditing settings with inheritable auditing settings applied to the shared_folders_list.CSV file, use:
.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode add -recurse true
To remove object-level auditing for the list of folders in the shared_folders_list.CSV file, use:
.\ADAP-Set-SACL.ps1 -file '.\shared_folders_list.CSV' -mode remove