AD Audit is the tool that keeps track of user activity in the Active Directory forest. This module has the following sections:
- Overview Dashboard
- AD Auditor
- Activity Tracker
Figure 1: AD Audit tab
Configuring AD Auditor Module
The AD Auditor module does not come pre-configured with UTMStack; you need to configure it before you can use it. The configuration procedure for AD Auditor is easy, as explained below:
- Click the Integrations tab.
The INTEGRATIONS window opens.
- Click on Active Directory in the left-hand pane.
The configuration procedure is displayed.
Figure 1: AD Audit tab
Notes:
- Follow the procedure to configure and enable the AD Auditor module.
- You must also have your agent installed on the Active Directory server to perform the instant response commands.
Overview Dashboard
The Overview dashboard consists of an interactive set of details that give you insight into users and their activities. It contains the following interactive dashboards:
- Quick Info: Shows how many user lockdowns happened due to multiple authentication failures. It also shows the number of disabled users and their details.
Figure 2: Quick info dashboard
You are redirected to the details page. The image below shows details of the disabled users.
Figure 3: Details of Users with Status Disabled window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the disabled users.
- Click on any row to see further details of the selected user.
The Events window opens, as shown in the image below.
Figure 4: Events of the user window
- Inactive: Shows the users who have been inactive for the selected period. In this example, the default value, 15 days, is selected.
Figure 5: Inactive dashboard
- Click on the interactive data point to view more details. You are redirected to the details page. The image below shows details of the inactive users.
Figure 6: Details of Inactive users with more than 15 days window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the inactive users.
- Click on any row to see further details of the selected user. The Events window opens, as shown in the image below.
Figure 7: Events window
- Permissions: Shows the users who have been given additional permissions/privileges. It also shows the number of users who are being tracked so that you get notified whenever these users have any activity. In this example, the default time range, last 7 days, is selected. However, you can click the time filter to change the time range.
Figure 8: Permissions dashboard
- Click either of the interactive data points to view more details about it.
The OBJECTS THAT SCALED PERMISSIONS window opens, as shown in the image below.
Figure 9: Details of objects that scaled permissions window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the users with scaled permissions.
- Click on any row to see further details of the selected user. The Events window opens.
Figure 10: Events window
- Event by object in time: This graph shows the changes that happened to users, groups, computers, and objects within the selected time range.
In this example, the default time range, last 7 days, is selected. However, you can click the time filter to change the time range.
Figure 11: Events by object in time
Note: You can scroll the mouse wheel up and down to contract and expand the graph, respectively.
- Administrator VS standard users: This pie chart shows how many administrators and users you currently have.
Figure 12: Administrator VS standard users
- Hover over the pie chart to see the numbers and percentages of administrators and users. Click on administrators or users in the pie chart to see more details.
The DETAIL OF USERS WITH STANDARD PERMISSIONS window opens.
Figure 13: Details of users with standard permissions window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the users with standard permissions.
- Click on any row to see further details of the selected user. The Events window opens, as shown in the image below.
Figure 14: Events window
- Top 20 most active user: This dashboard shows the top 20 most active users for the selected time value.
Figure 15: Top 20 most active user
- Click on any of the rows to see more details of the user. The DETAIL OF USER ADMIN-PROBE window opens.
Figure 16: Detail of user administrator window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the users with standard permissions.
- Click on any row to see further details of the user administrator.
The Events window opens, as shown in the image below.
Figure 17: Events window
- User most active user making changes: This horizontal bar chart shows the number of users who are making the most changes for the selected time value. In this example, the default time range, last 7 days, is selected. However, you can click the time filter to change the time range.
Figure 18: User most active user making changes graph
- Click on any of the rows to see more details of the user. The DETAIL OF USER ADMIN-PROBE window opens.
Figure 19: Detail of user admin-probe window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the user admin probe.
- Click on any row to see further details of the user administrator.
The Events window opens, as shown in the image below.
Figure 20: Events window
- User with more changes to its permissions: This horizontal bar chart shows the number of users who are receiving the most changes to their permissions.
In this example, the default time range, last 7 days, is selected. However, you can click the time filter to change the time range.
Figure 21: User with more changes to its permissions graph
- Click on any of the rows to see more details of the user. The DETAIL OF USER ADMIN-PROBE window opens.
Figure 22: Detail of user admin-probe window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the user admin probe.
- Click on any row to see further details of the user administrator. The Events window opens, as shown in the image below.
Figure 23: Events window
- Administrators with more than 15 inactive days: This table lists details of the administrators who have not been active for the selected time value. The default time range is 15 days.
Figure 24: Administrators with more than 15 inactive days dashboard
- Click on any of the rows to see more details of the user. The DETAIL OF USER ADMIN-PROBE window opens.
Figure 25: Detail of user admin-probe window
The left-hand side pane has various filters for efficient search. The right-hand side pane has the table with details of the user admin probe.
- Click on any row to see further details of the user administrator. The Events window opens, as shown in the image below.
Figure 26: Events window