Instant Best Practice Reports

Argent for Compliance includes pre-defined best practices for all compliance acts

The pre-defined audit reports can be broken down as follows:

Domain Computer Audit Management Activity Report

This auditor report shows all computers created, modified, or deleted in Active Directory

This report covers key rights and attributes that may have changed on computers added into any Active Directory container

Unauthorized machines added into the domain, unauthorized rights assigned to machines, or accidental deletions can easily be tracked to find out who made the changes, what was changed, and where and when the changes were made

Domain Controller Audit Authentication Activity

This audit report shows all authentication requests to the Domain Controller, including both failed and successful requests

Administrators must have full visibility on all authentication activity to see if any accounts have been compromised

A security lapse could occur as a result of unsecured accounts or deliberate attacks from intruders

Additionally, this report allows administrators to see if any existing employees are trying to access critical resources in the domain that they don’t have rights to

Domain Group Policy Object Audit Management Activity

This audit report shows all Group Policy Objects (GPO) that have been created, modified or deleted, including which attributes have been changed

Group Policy controls critical security measures on the entire domain or specific Organizational Units (OU)

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

Domain Group Audit Management Activity

This audit report shows all Domain Groups that have been created, modified or deleted, including which attributes have been changed

Domain Groups control access rights for member users to different machines

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

Domain Organization Unit (OU) Audit Change Report

This audit report shows all Organizational Units (OU) that have been created, modified or deleted, including which attributes have been changed

OUs are containers on a computer network that allow administrators to organize groups and users into logical structures

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

Domain Policy Audit Changes Report

This audit report shows all critical account policy and password policy changes made, such as account lockouts, password complexity, password length, etc.

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

Domain User Account Audit Management Report

This audit report shows all domain user accounts that have been created, modified or deleted, including which attributes have been changed

User accounts control access into remote machines or even the Domain Controllers

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

File Operations On Audited File Servers

This audit report shows all file operations (created, modified, deleted) made to servers and paths with file auditing enabled

Critical file paths can be configured on a per-machine basis in the License Manager of Argent for Compliance

Administrators need to maintain full visibility on all changes, which changes were made, and who made the changes

This provides full accountability of actions from employees (or unauthorized users) that have been given the power to perform these privileged user actions

Logon Duration Audit Report

This audit report shows the logon duration of all users. Users that are still logged on at the time of report generation are marked as “Not Logged Off Yet”

This report helps administrators understand where, when, and for how long users were logged in on a particular machine

This report also provides insight into the work patterns, absence and attendance of employees based on their logon duration

Logon Failure Audit Report

This audit report shows all logon failures on the target machines

The presence of a few login failure records is completely normal – users sometimes have fat fingers

But if there is an unusually high number of logon failures, this may indicate a brute-force hacker attack

Some logon failures prompt administrators to give attention to the user, such as failures caused by accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts

Logon/Logoff Audit Report

This audit report shows all logon/logoff events on all machines, including both successful and failed logons

This report helps to paint the entire picture of logon/logoff access across all machines

Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place

The presence of a few login failure records is completely normal – users sometimes have fat fingers

But if there is an unusually high number of logon failures, this may indicate a brute-force hacker attack

Some logon failures prompt administrators to give attention to the user, such as failures caused by accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts

Logon Activity Report, By Machine Audit Report

This audit report shows all logon/logoff events on all machines, including both successful and failed logons

This audit report is grouped by server, then by logon time

This report helps to paint the entire picture of logon/logoff access across all machines

Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place

The presence of a few login failure records is completely normal – users sometimes have fat fingers

But if there is an unusually high number of logon failures, this may indicate a brute-force hacker attack

Some logon failures prompt administrators to give attention to the user, such as failures caused by accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts

Network Policy Server Activity Audit Report

This audit report shows all logon activity when a user attempts to log in to a computer using the RADIUS protocol via a Network Policy Server

RADIUS is the Remote Authentication Dial-In User Service — all access to machines should be closely reviewed

Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place

The presence of a few login failure records is completely normal – users sometimes have fat fingers

But if there is an unusually high number of logon failures, this may indicate a brute-force hacker attack

Some logon failures prompt administrators to give attention to the user, such as failures caused by accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts

Process Creation/Termination Audit Report

This audit report shows all processes that have been created and terminated on the target machine

This report allows administrators to effectively keep an eye on unauthorized programs that are launched by users

This provides accountability if users are running destructive programs that are consuming network bandwidth or resources on the machine

Additionally, viruses and malware can be spotted

System Events Audit Report

This audit report shows all critical system events (such as audit log clearing)

Clearing the Windows Security Log is the best way for hackers and other unauthorized users to cover their tracks

Because this is a common security hack, the Windows Security Log on ALL production Windows servers must be monitored and alerts automatically sent by Argent

A common trick used by hackers is to do this unauthorized clearing at midnight on Saturday to try to blend in with legitimate weekly housekeeping

Scheduled Task Management Audit Report

This audit report shows all scheduled Windows tasks, when they last ran, and remarks on the execution status

This report allows administrators to effectively keep an eye on unauthorized Windows tasks that are running, or if Windows tasks are running at incorrect times or frequencies

This provides accountability if users are scheduling destructive scripts or batch files that are consuming network bandwidth or resources on the machine

Viruses and malware often keep themselves “alive” through scheduled Windows tasks — these can easily be spotted with this critical report

Terminal Service Activity Audit Report

This audit report shows all remote terminal service logons on the target machines

Terminal service logons are identified as “RemoteInteractive” logons internally in the Event Logs

This report helps to paint the entire picture of logon/logoff terminal access across all machines

Successful logins are not always a good thing — especially if an account wasn’t supposed to have access to a particular machine in the first place

The presence of a few login failure records is completely normal – users sometimes have fat fingers

But if there is an unusually high number of logon failures, this may indicate a brute-force hacker attack

Some logon failures prompt administrators to give attention to the user, such as failures caused by accounts that have been accidentally locked out, password expirations or time restrictions set on the accounts

Additionally, reports for all other log types (File Logs, SNMP Traps, SYSLOGs and iSeries Logs) are included and fully customizable