11 April,19 at 11:50 AM
Many of our customers are either in the process of rolling out DirectAudit or have rolled out DirectAudit with the help of Centrify Professional Services. DirectAudit is part of the Centrify Server Suite Enterprise Edition. DirectAudit provides full video capture of privileged sessions, tying all activity back to individual users for improved accountability, forensics and compliance.
DirectAudit installation requires a Windows member server to run the DirectAudit Manager and DirectAudit Collector. You will also need a Microsoft SQL server to store both the session data and the management database. The MS SQL database and database tables can be created using the install GUI, or the database creation scripts can be handed off to a SQL Admin to run separately.
Now, there are several ways to install the DirectAudit product, but the best practice recommended by Centrify Professional Services is to initially install the entire DirectAudit instance using a privileged AD account that has sysadmin rights on the MS SQL server instance. This will ensure a functioning DirectAudit instance from the UNIX or Windows end nodes straight through to the MS SQL database. While this methodology is safe for the initial set-up, Professional Services always recommends that administrators consider taking the necessary steps to configure access to managing the DirectAudit instance, access to managing the DirectAudit AuditStore database and access to the audited sessions.
1. Configuring the permissions of the DirectAudit Management Database
The Management Database stores the permissions associated with the overall management of the DirectAudit Instance. If you right-click the instance name, you can pull up the Security tab. As you can see, the owner with full rights to this Management Database is the person who installed DirectAudit. For instance, the MS SQL Admin user could be listed here. Normally, the person or group that needs to manage and configure the DirectAudit instance would be part of the Centrify Administrator group.
2. Configuring the permissions of the DirectAudit AuditStore Databases
The AuditStore Database stores the individual audit sessions from either a Windows or a UNIX end point. These are the audit sessions that provide full video capture/playback for your auditors/infosec to review. Again, the permissions over the initial AuditStore database are given to the person who installed the instance. Normally, the person or group that needs to manage the DirectAudit AuditStore instance itself would be part of the Centrify Administrator group. Right-click the AuditStore and you can access and manipulate the Security scope for the AuditStore.
3. Configuring the Auditor Roles for Audited Sessions
By default, a Master Auditor role is created for the entire DirectAudit instance. Normally, the initial user placed in the Master Auditor role is the user that installed and configured the entire Audit instance. In order to provide the necessary permissions to review the recorded audit sessions, you will need to replace the individual assigned to the Master Auditor role with a group of users and/or create new Auditor Roles and associate the correct permissions over the audited sessions.
a. Adding a new Audit Role
b. Provide a Name for the role
c. Configure some filtering for the audit role
d. Configure additional privileges
e. Assign an AD group to the new Auditor Role
Follow these easy steps to access and provide the full set of features to enhance your DirectAudit installation.