Instant Best Practice Reports
Argent for Compliance includes pre-defined best practices for all compliance acts
The pre-defined audit reports can be broken down as follows:
Domain Computer Audit Management Activity Report
This auditor report shows all computers created, modified, or deleted in Active Directory
This report involves key rights and attributes that may have changed on computers added into any Active Directory container
Unauthorized machines added into the domain, unauthorized rights assigned to machines, or accidental deletions can easily be tracked to find out who, what, where and when the changes were made
Domain Controller Audit Authentication Activity
This audit report shows all authentication requests to the Domain Controller, including both failed and successful requests
Administrators must have full visibility on all authentication activity to see if any accounts have been compromised
A security lapse could occur as a result of unsecured accounts or deliberate attacks from intruders
Additionally, this report allows administrators to see if any existing employees are trying to access critical resources in the domain that they don’t have rights to
Domain Group Policy Object Audit Management Activity
This audit report shows all Group Policy Objects (GPO) that have been created, modified or deleted, including which attributes have been changed
Group Policy controls critical security measures on the entire domain or specific Organizational Units (OU)
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
Domain Group Audit Management Activity
This audit report shows all Domain Groups that have been created, modified or deleted, including which attributes have been changed
Domain Groups control access rights for member users to different machines
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
Domain Organization Unit (OU) Audit Change Report
This audit report shows all Organizational Units (OU) that have been created, modified or deleted, including which attributes have been changed
OUs are containers on a computer network that allow administrators to organize groups and users into logical structures
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
Domain Policy Audit Changes Report
This audit report shows all critical account policy and password policy changes made, such as account lockouts, password complexity, password length, etc.
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
Domain User Account Audit Management Report
This audit report shows all domain user accounts that have been created, modified or deleted, including which attributes have been changed
User accounts control access into remote machines or even the Domain Controllers
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
File Operations On Audited File Servers
This audit report shows all file operations (created, modified, deleted) made to servers and paths with file auditing enabled
Critical file paths can be configured on a per-machine basis in the License Manager of Argent for Compliance
Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes
This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions
Logon Duration Audit Report
This audit report shows the logon duration of all users. Users that are still logged on at the time of report generation are marked as “Not Logged Off Yet”
This report helps administrators understand where, when, and for how long users were logged on to a particular machine
This report also provides insight into the work patterns, absence and attendance of employees based on their logon duration
Logon Failure Audit Report
This audit report shows all logon failures on the target machines
The presence of a few login failure records is completely normal – users sometimes have fat fingers
But if there are an unusually high number of logon failures, this may indicate a brute force hacker attack
Some logon failures help prompt administrators to give attention to the user, such as accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts
Logon/Logoff Audit Report
This audit report shows all logon/logoff events on all machines, including both successful and failed logons
This report helps to paint the entire picture of logon/logoff access across all machines
Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place
The presence of a few login failure records is completely normal – users sometimes have fat fingers
But if there are an unusually high number of logon failures, this may indicate a brute force hacker attack
Some logon failures help prompt administrators to give attention to the user, such as accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts
Logon Activity Report, By Machine Audit Report
This audit report shows all logon/logoff events on all machines, including both successful and failed logons
This audit report is grouped by server, then by logon time
This report helps to paint the entire picture of logon/logoff access across all machines
Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place
The presence of a few login failure records is completely normal – users sometimes have fat fingers
But if there are an unusually high number of logon failures, this may indicate a brute force hacker attack
Some logon failures help prompt administrators to give attention to the user, such as accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts
Network Policy Server Activity Audit Report
This audit report shows all logon activity when a user attempts to log in to a computer using the RADIUS protocol via a Network Policy Server
RADIUS is the Remote Authentication Dial-In User Service — all access to machines should be closely reviewed
Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place
The presence of a few login failure records is completely normal – users sometimes have fat fingers
But if there are an unusually high number of logon failures, this may indicate a brute force hacker attack
Some logon failures help prompt administrators to give attention to the user, such as accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts
Process Creation/Termination Audit Report
This audit report shows all processes that have been created and terminated on the target machine
This report allows administrators to effectively keep an eye on unauthorized programs that are launched by users
This provides accountability if users are running destructive programs that are consuming network bandwidth or resources on the machine
Additionally, viruses and malware can be spotted
System Events Audit Report
This audit report shows all critical system events (such as audit log clearing)
Clearing the Windows Security Log is the best way hackers and other unauthorized users cover their tracks
Because this is a common security hack, the Windows Security Log on ALL production Windows servers must be monitored, with alerts automatically sent by Argent
A common trick used by hackers is to do this unauthorized clearing at midnight Saturday to try to blend in with legitimate weekly housekeeping
Scheduled Task Management Audit Report
This audit report shows all scheduled Windows tasks, when they last ran, and remarks on the execution status
This report allows administrators to effectively keep an eye on unauthorized Windows tasks that are running, and on Windows tasks that are running at incorrect times or frequencies
This provides accountability if users are scheduling destructive scripts or batch files that are consuming network bandwidth or resources on the machine
Viruses and malware often keep themselves “alive” through scheduled Windows tasks — these can easily be spotted with this critical report
Terminal Service Activity Audit Report
This audit report shows all remote terminal service logons on the target machines
Terminal service logons are identified as “RemoteInteractive” logons internally in the Event Logs
This report helps to paint the entire picture of logon/logoff terminal access across all machines
Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place
The presence of a few login failure records is completely normal – users sometimes have fat fingers
But if there are an unusually high number of logon failures, this may indicate a brute force hacker attack
Some logon failures help prompt administrators to give attention to the user, such as accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts
Additionally, reports for all other log types (File Logs, SNMP Traps, SYSLOGs and iSeries Logs) are included and fully customizable