Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

[HOW-TO] Configuring Your DirectAudit Instance

11 April,19 at 11:50 AM

Many of our customers are either in the process of rolling out DirectAudit or have rolled out DirectAudit with the help of Centrify Professional Services.  DirectAudit is part of the Centrify Server Suite Enterprise Edition. DirectAudit provides full video capture of privileged sessions, tying all activity back to individual users for improved accountability, forensics and compliance.

 

DirectAudit installation requires a Windows Member server to run the DirectAudit Manager and DirectAudit Collector.  As well, you will need a Microsoft SQL server in order to store both the session data and the management database. The MS SQL database and database tables can be created using the install gui or the database creation scripts can be handed of to a SQL Admin to run separately.

 

Now, there are several ways to install the DirectAudit product, but the best practice recommended by Centrify Professional Services is to initially install the entire DirectAudit instance using a privilege AD account that has sysadmin rights on the MS SQL server instance.  This will ensure a functioning DirectAudit instance from the unix or Windows end nodes straight through to the MS SQL database.  While this methodolgy is safe for the initial set-up, Professional Services always recommends that administrators consider taking necessary steps to configure access to managing the DirectAudit instance, access to managing the DirectAudit AuditStore database and access to the audited sessions.

 

1. Configuring the permissions of the DirectAudit Management Database

 

The Management Database stores the permissions associated with the overall management of the DirectAudit Instance.  If you right-click the instance name, you can pull up the Security tab. As you can see, the owner with full rights to this Management Database is the person who installed DirectAudit.  For instance, the MS SQL Admin user could be listed here.  Normally, the person or group that needs to manage and configure the DirectAudit instance would be part of the Centrify Administrator group.

 

Screen Shot 2016-09-27 at 3.24.33 PM.png

 

 

2. Configuring the permissions the DirectAudit AuditStore Databases

 

The AuditStore Database stores the individual audit sessions either from a Windows or a Unix end point.  These are the audit sessions that provide full video capture/playback for your auditors/infosec to review.  Again, the permissions over the initial AuditStore database is given to the person who installed the instance. Normally, the person or group that needs to manage the DirectAudit AuditStore instance itself would be part of the Centrify Administrator group.  Right-click the AuditStore and you can access and manipulate the Security scope for the AuditStore.

 

Screen Shot 2016-09-27 at 3.24.58 PM.png

 

3. Configuring the Auditor Roles for Audited Sessions

 

Be default, a Master Auditor role is created for the entire DirectAudit instance. Normally, the initial user placed in Master Auditor role is the user that installed and configured the entire Audit instance.  In order to provide the necessary permissions to review the recorded audit sessions, you will need to replace the individual assigned to the Master Auditor role with a group of users and/or create new Auditor Roles and associate the correct permissions over the audited sessions.

 

 a. Adding a new Audit Role

 

 Screen Shot 2016-09-27 at 3.28.22 PM.png

 b. Provide a Name for the role

 

Screen Shot 2016-09-27 at 3.25.41 PM.png

 

 c. configure some filtering for the audit role

 

Screen Shot 2016-09-27 at 3.25.51 PM.png

 

 d. configure additional privileges

 

Screen Shot 2016-09-27 at 3.26.04 PM.png

 

 e. Assign an AD group to the new Audior Role

 

Screen Shot 2016-09-27 at 3.27.43 PM.png

 

Follow these easy steps to access and provide full set of features to enhance your DirectAudit installation. 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.