Audit Collection Service

Audit Collection Admin™

The Audit Collection Admin™ provides a graphical console interface to centrally manage the Audit Collection Service. This solution centralizes administrative tasks, information and reporting into an easy to use console within System Center Operations Manager 2007.

Key Technology Features

• AdtAdmin User Interface
• Collector Performance & Health
• Event Load Statistics & Reporting
• Event Forwarder Analysis
• Noise Filter Management

Audit Collection Archiver™

ACS Collectors groom security data regularly to maintain collection performance leaving a customer need for long-term storage and historical reporting. The Audit Collection Archiver™ introduces historical archiving and reporting across ACS Collectors.

As online data partitions get groomed they are written to compressed text files for near-line storage and can eventually be moved to preferred offline storage. Near-line storage can be accessed on demand or alternatively Base Reporting can be run directly against the near-line storage repository.

Key Technology Features

• Automated ACS Data Archival
• 5 - 10x Data Compression
• Optimized ACS Historical Database
• Reporting across Multiple Collector Repositories
• Built in Checksum and Encryption Options

Audit Collection Base Reporting™

The Audit Collection service Base Reporting solutions provide in-depth forensic analysis services for Windows security events introducing advance analytics and guidance. Leverage your ACS infrastructure today and implement the auditing capabilities you always wanted. Base reporting is split into two modules: Forensic Analyzer and the IT Auditors Pack.

Report Samples

Cover Page

Standard Reporting Features:

• Dynamic Grouping and Sorting
• Document Maps
• PDF Optimization
• Comprehensive Attribute Filtering
• Multi-Select Parameter Options
• Summary to Detail Drilldown
• Noise Filter Templates
• Event Detail Drilldown ~ Sample

Summary Page

Forensic Analyzer:

• Based on Security Category
• Enriched event correlation
• Event Load Analysis

Details Page

IT Auditors Pack:

• Based on Usage Scenario's
• Includes Usage Guidance
• Extended Compliance Modules Available

Audit Collection Compliance Reporting™

Compliance Reporting for ACS introduces extended security scenario reporting designed by Microsoft Security MVP, Randy Franklin Smith. These reports provide direct visibility into audit control scenarios with detailed user guidance and regulation control mapping designed to optimize your best practices and report usage.

Extended Features:

Samples

Cover Page


Usage Guidance


Summary Page


Details Page

• Usage Guidance
  • Audience
  • Frequency
  • Rationale
  • Control Mapping
• Regulation & Standard Support
  • CoBits
  • DS484
  • FISMA
  • GLBA
  • HIPAA
  • ISO 17799
  • PCI
    

Sample Auditing Scenarios:

• Administrator Logons
• Domain Policy Changes
• General Object Changes
• Group Member Additions
• Group Member Deletions
• Group Policy Changes
• Permission Changes
• Privilege Use Activity
• Users - Deleted or Disabled
• Users - Lockouts and Password Resets
• Users - New or Enabled
• User, Groups and Computers Consolidated

Audit Collection SYSLOG Gateway™

The Secure Vantage Audit Collection Syslog Gateway provides centralized security event collection, analysis and reporting across platforms and applications. The Audit Collection Syslog Gateway enables customers to forward syslog event streams to a central gateway server for integration with the ACS collection stream.

Included with the gateway is a Management Pack to simplify deployment, generic reports for syslog events and guidance on optimizing reports for new data sources.

Learn more...