A closer look at LepideAuditor Suite


Server systems are the pillars of an organization’s working environment, and they should be up and running at all times, without any interruptions. If a server crashes or goes down because of an unwanted change, users will not be able to work. Such problematic changes can result from an IT administrator testing a new policy in a live environment or from unwelcome access. In the latter case, the damage for an organization is double: its employees’ valuable time is wasted, and there is a chance that an insider who has had access to the valuable information stored on the servers can turn into an intruder.

With configuration change auditing of servers, an IT administrator can “save” his organization from unauthorized access or unwanted changes. However, change auditing using native tools has multiple drawbacks, such as dozens of events for a single change/access, no mention of before- and after-value for every change, no graphical representation of events, and an event format that is hard to read.

LepideAuditor Suite is a solution for auditing multiple server instances. Its centralized platform delivers a single console for configuration change auditing of Active Directory, Group Policy Objects, Exchange Server, SharePoint Server, and SQL Server.

Key features:

  • Customizable auditing to specify the exact objects, object classes, setting paths, operations, mailbox accesses, etc., to be monitored
  • Real-time collection of logs and parsing to convert them into intelligent records
  • Long term storage of logs with daily, weekly or monthly archiving of old records
  • Separate intuitive Dashboard Tab for each server
  • 270+ predefined audit reports, 70+ graph trends, live updates in LiveFeed widget, real-time alerts, and scheduled reports to highlight who has made what change, when, and where
  • Shows the in-depth details like before- and after-value of every change
  • Permission Auditing to bring out any change in permission of Users and Groups
  • Comparison of permissions of Active Directory objects between two time intervals
  • Advanced date filters to view the logs separately for working and non-working hours
  • Restore modified or deleted objects and permissions in Active Directory
  • Complete or selective restoration of modified Group Policies
  • Monitoring of server availability, resource usage, performance counters and status of critical services

A user-friendly installation procedure and interface make it easy for an administrator to configure the server and start auditing.

Figure 1: Dashboard Tab.

To begin, you have to go to the Settings Tab (Component Management) to add a domain, SharePoint Server or SQL Server. You have to provide basic details like name or IP address of the server, and login credentials of an administrative user. Once the IP address is identified, you can customize the auditing by selecting objects, object classes, operations, mailbox accesses, site URLs, databases, and other things you want to monitor. As the last step, you have to provide the details of the SQL Server that will store the auditing logs.

Once a server is added, you can sit back, relax and just keep watching how your server is being monitored and audited by LepideAuditor Suite.

Figure 2: Reports Tab.

You can see the reports in three different views – Grid, Graph, and Calendar. Almost every detail about a change will be displayed. For Active Directory and Group Policy, you have the option to roll back an unwanted change.

LepideAuditor Suite makes periodic backup snapshots to save the states of Active Directory and Group Policy Objects. You can view the generated snapshots and a detailed report of their content in the Restore Tab. In it, you have the option to restore the state of all or selected Active Directory and Group Policy Objects. The software lets you restore AD objects that are not captured in snapshots from their respective tombstone states. Also, if an object’s state is stored in a snapshot, you can use it to restore that object even when it is neither available physically nor in tombstone state. This object restoration feature lets you set up a testing environment for Active Directory, where you can make some trial changes and then restore them later on.

Figure 3: Lepide Object Restore Wizard.

One more advantage is Health Monitoring, which lets you see the status of server availability, system services, resource consumption, performance counters, and increasing database size.

Figure 4: Health Monitoring of Active Directory & Exchange Server.

You can customize the audit reports with functions such as search, sort, filter, and group by to pinpoint all relevant records related to a common course of action. For example, you can collectively list all changes by a user. Such reports are required to create a trail of all actions performed by a user, a group, or on an object.

The best part is that you will receive real-time alerts for critical changes, unauthorized access, sudden password resets, password change attempts, changes in permissions or policies, suspicious mailbox access, server availability, status of system services, increasing resource consumption, and other important aspects.

You will receive predefined, customized or filtered audit reports periodically on important aspects like permission comparison, modifications in object or permissions, AD security and state, non-owner mailbox access, modifications in Exchange Policy or Group Policies, SharePoint site content and structure, and so on. Alerts and scheduled reports will keep you posted about what is going on inside your organization, even when you’re not in the office.

A free trial of LepideAuditor Suite is available for a limited period. Please make sure to read the system requirements while downloading the software.