Audit Collection Service

Secure Vantage Technologies has launched a series of solutions that leverage the enhanced monitoring capabilities of Operations Manager 2007 and Audit Collection Services. With Audit Collection and the new MOM service-oriented monitoring structure, Secure Vantage has vastly improved current product offerings in the Windows Server Security market. We continue to work closely with Microsoft to deliver Compliance Security Solutions designed for Operations Manager 2007 and ACS.

Solutions available for the Audit Collection Service include:

Key solutions

Audit Collection Admin

The Audit Collection Admin provides a graphical console interface to centrally manage the Audit Collection Service. This solution centralizes administrative tasks, information and reporting into an easy-to-use console within System Center Operations Manager 2007.

Key Technology Features

  • AdtAdmin User Interface
  • Collector Performance & Health
  • Event Load Statistics & Reporting
  • Event Forwarder Analysis
  • Noise Filter Management

Audit Collection Archiver

ACS Collectors groom security data regularly to maintain collection performance, leaving customers with a need for long-term storage and historical reporting. The Audit Collection Archiver introduces historical archiving and reporting across ACS Collectors.

As online data partitions are groomed, they are written to compressed text files for near-line storage and can eventually be moved to preferred offline storage. Near-line storage can be accessed on demand, or alternatively Base Reporting can be run directly against the near-line storage repository.

Key Technology Features

  • Daily Data Archival
  • Reduced Storage with compressed text files
  • On Demand Historical Access
  • Optimized Offline Compression
  • Reporting across Multiple Collector Repositories
  • Recreates SDK views

Audit Collection Base Reporting

The Audit Collection Service Base Reporting solutions provide in-depth forensic analysis services for Windows security events, introducing advanced analytics and guidance. Leverage your ACS infrastructure today and implement the auditing capabilities you always wanted. Base Reporting is split into two modules: Forensic Analyzer and the IT Auditors Pack.

Report Samples
Cover Page

Standard Reporting Features:

  • Dynamic Grouping and Sorting
  • Document Maps
  • PDF Optimization
  • Comprehensive Attribute Filtering
  • Multi-Select Parameter Options
  • Summary to Detail Drilldown
  • Noise Filter Templates
  • Event Detail Drilldown ~ Sample

Summary Page

Forensic Analyzer:

  • Based on Security Category
  • Enriched event correlation
  • Event Load Analysis

Details Page

IT Auditors Pack:

Audit Collection Compliance Reporting

Compliance Reporting for ACS introduces extended security scenario reporting designed by Microsoft Security MVP, Randy Franklin Smith. These reports provide direct visibility into audit control scenarios with detailed user guidance and regulation control mapping designed to optimize your best practices and report usage.

Samples: Cover Page, Usage Guidance (ACS Base Summary), Summary Page, Details Page

Extended Features:

  • Usage Guidance
    • Audience
    • Frequency
    • Rationale
    • Control Mapping
  • Regulation & Standard Support
    • CoBits
    • DS484
    • FISMA
    • GLBA
    • HIPAA
    • ISO 17799
    • PCI

Sample Auditing Scenarios:

  • Administrator Logons
  • Domain Policy Changes
  • General Object Changes
  • Group Member Additions
  • Group Member Deletions
  • Group Policy Changes
  • Permission Changes
  • Privilege Use Activity
  • Users - Deleted or Disabled
  • Users - Lockouts and Password Resets
  • Users - New or Enabled
  • User, Groups and Computers Consolidated

Audit Collection SYSLOG Gateway

The Secure Vantage Audit Collection Syslog Gateway provides centralized security event collection, analysis and reporting across platforms and applications. The Audit Collection Syslog Gateway enables customers to forward syslog event streams to a central gateway server for integration with the ACS collection stream.

Included with the gateway are a Management Pack to simplify deployment, generic reports for syslog events and guidance on optimizing reports for new data sources.

Features Overview:

  • Syslog event processing
  • ACS integration
  • Syslog Management Pack
  • Generic Reports
  • Generic Report Templates
  • Base Reporting Integration
  • Optimization Guidance

Heterogeneous Security:

  • Alerting and Operations
  • Archiving and Historical Reporting
  • Compliance Knowledge Modules
  • Consolidated Collector Reporting
  • Log Replay & Blacksite Support
  • Security Reporting Portal
  • Application Event Integration

News & Events

Press Release 05/21/2008: Secure Vantage Technologies partners to create a Security Management Partner Solutions bundle for System Center customers


Press Release 04/29/08: Secure Vantage Technologies Enables Datacenter Lockdown with Compliance Security Suite for Microsoft System Center

