Lepide Auditor For File Server 56
Product page: SQL Server AuditAlexa ranking: 42Status: ActiveFirst release: 8/6/2008 (SQL 2008 release date)Last update: 8/27/2018 (SQL 2017 cumulative update 10)Add-in support: NoPublisher: MicrosoftLicense: N/APrice: FreeFree edition: N/ADescription: SQL Server audit lets you create server audits, which can contain server audit specifications for server level events, and database audit specifications for database level events. Audited events can be written to the event logs or to audit files.
Lepide Auditor For File Server 56
Varonis is a security platform that allows visualization, analysis, and protection of unstructured data. The software can be used to identify and inspect unusual privilege escalations and unauthorized access to Active Directory, file servers, and email systems. The solution helps find critical mis-configurations on AD objects, groups, Group Policy Objects, and Organizational Units.
2 Lepide Software Private Limited, All Rights Reserved This User Guide and documentation is copyright of Lepide Software Private Limited, with all rights reserved under the copyright laws. This user guide cannot be reproduced in any form without the prior written permission of Lepide Software Private Limited. No Patent Liability is assumed, however, with respect to the use of the information contained herein. Warranty Disclaimers and Liability Limitation LepideAuditor for File Server, and any and all accompanying software, files, data and materials, are distributed and provided AS IS and with no warranties of any kind, whether expressed or implied. In particular, there is no warranty for any harm, destruction, impairment caused to the system where LepideAuditor for File Server is installed. You acknowledge that good data processing procedure dictates that any program, including LepideAuditor for File Server, must be thoroughly tested with non-critical data before there is any reliance on it, and you hereby assume the entire risk of all use of the copies of LepideAuditor for File Server covered by this License. This disclaimer of warranty constitutes an essential part of this License. In addition, in no event does Lepide Software Private Limited authorize you or anyone else to use LepideAuditor for File Server in applications or systems where LepideAuditor for File Server failure to perform can reasonably be expected to result in a significant physical injury, or in loss of life. Any such use is entirely at your own risk, and you agree to hold Lepide Software Private Limited harmless from any and all claims or losses relating to such unauthorized use. Trademarks LepideAuditor for File Server is a copyright work of Lepide Software Private Limited. Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2003 Server, Windows XP, Windows Vista, Windows 7, and MS-DOS, are registered trademarks of Microsoft Corporation. All brand names, product names, logos, registered marks, service marks and trademarks appearing in this document are the sole property of their respective owners. These are purely used for informational purposes only. We have compiled a list of such trademarks but it may be possible that few of them are not listed here Contact Information firstname.lastname@example.org Website: Lepide Software Private Limited 2
4 1. Introduction Welcome to the of LepideAuditor for File Server. In this configuration guide, we have covered the system rights, requirements, settings and various steps required for first time usage of the software. LepideAuditor for File Server comes with two different consoles: Settings Console Reports Console In this guide, we will mostly deal with the settings console and also about how to receive reports. This includes adding file server, creating audit rules and policies, network settings, viewing reports and more. 2. System Requirements LepideAuditor for File Server (LAFS) needs some basic system requirements to run: Basic System Requirements: Pentium Class Processor 2 GB RAM 200 MB of free disk space for software installation Enough database space for storing records Supported Windows OS (32/64-bit) Versions: Windows 8 (all editions) Windows 7 (all editions) Windows Vista (all editions) Windows XP (all editions) Lepide Software Private Limited 4
7 4. NetApp Settings and Requirements In order to successfully audit and get reports from NetApp filers, we need to consider these following requirements: Recommended Versions LepideAuditor for File Server successfully audits and report events from NetApp filer with Data ONTAP 7.2 or later. The recommended version for complete feature availability is ONTAP or later. Agent Installation Multiple file server agents cannot be installed on the same agent server system for monitoring NetApp filer with Data ONTAP versions lower than 7.3. The agent can only be installed on the domain controller system. Do not install it on workgroup or client systems. When you install agent for NetApp file servers, use only NetApp local user. Lepide Software Private Limited 7
9 Network Access: Do not allow anonymous enumeration of SAM accounts and shares Disabled Network Access: Let Everyone permissions apply to anonymous users Enabled Double-click Network Access: Named pipes that can be accessed anonymously and select the checkbox to define policy settings. Type NTAPVSRQ and click apply. Network Access: Restrict anonymous access to Named Pipes and Shares Disabled Limitations Events will not be generated for the changes made from the agent server. In order to monitor security settings event reports (Owner, SACL and DACL), ONTAP 7.3 or later version is required. SACL (Audit) change events are reported but event details will not be shown in the reports. Connection Types LepideAuditor for File Server provides two types of connections with the NetApp filer from agent: 1. Asynchronous: This option is quick but it cannot capture security details. It captures the security events but does not show details. 2. Synchronous: This option captures security details but the process slightly slows down the performance of the filer. Lepide Software Private Limited 9
10 4.1 NetApp Auditing Flow LepideAuditor for File Server uses the CIFS Auditing mode which allows it to access changes made on NetApp Filers through Windows devices and successfully audit and report them. It uses the assigned File policy or FPolicy to capture events and audit changes within the File Server. The auditing process for NetApp filer is displayed in the below given image: The steps involved in the above image are: 1. The system where LAFS is installed connects with the agent computer for event collection. 2. The agent computer connects with the NetApp filer and tracks events as per the assigned fpolicy. 3. The NetApp filer sends immediate events for any change made within the file server. 4. The agent sends this event to the location where LAFS is installed. 5. LAFS connects with the SQL database and stores these events for report generation. 6. LAFS displays reports as per the audit rules and policies to display all changes within the File Servers. Lepide Software Private Limited 10
11 5. Adding File Server Post installation, the first thing that you need to do is to add a File Server to the application which you want to audit. With LAFS, you can add unlimited numbers of file servers from multiple platforms. These are: Windows File Servers NetApp File Servers 5.1 Adding NetApp File Server To audit a File Server, you first need to add the concerned File Server to LAFS. In order to add a NetApp File Server, execute the following steps: 1. Click Add File Server option from the Tool Bar of the LAFS-Settings Console or from the Add button. 2. Choose the File Server type that you want to add. The software allows choosing from Windows and NetApp File Servers. Click on NetApp Filer. Lepide Software Private Limited 11
14 9. The NetApp Agent Information page will open up. Here, provide details of the system where you wish to install the agent to collect changes from the NetApp filer. You can install the agent server on another system apart from the NetApp filer. However, it is important to note that the agent can only be installed on the domain controller system. Do not install it on workgroup or client systems. 10. Enter the name or IP Address of the agent system. 11. Provide Username and Password to allow access to software to install agent. 12. Now you need to choose the Connection Type. LepideAuditor for File Server provides two types of connections with the NetApp filer from agent: i). Asynchronous: This option is quick but it cannot capture security details. It captures the security events but does not show details. ii). Synchronous: This option captures security details but the process slightly slows down the performance of the filer Lepide Software Private Limited 14
16 16. The software will ask whether you want to create an audit rule. Click 'Yes' to create a new audit rule or you can select an existing audit rule to apply audit settings on the added NetApp file server. The newly added NetApp File Server will be displayed in the software interface. You need an Audit Rule to start monitoring the newly added File Server. Audit Rule is a combination of Audit Policy (holds information for the objects which are to be audited), users/user group who are to be audited, alert query type, alert format and recipient information. Audit Rule, Audit Policy, User Group, Alert Queries can be created from their respective sections as well as while creating an Audit Rule. The next section shows how to add a Windows File Server, if you want to directly proceed to adding an Audit Rule, go to Creating an Audit Rule. Lepide Software Private Limited 16
19 5. On clicking the Add button, all available domains in the network will be shown in the dropdown menu. Select the appropriate domain and click Find. 6. All available computers in the selected domain will be enlisted. Select the required file server which is to be added and click Ok. Lepide Software Private Limited 19 350c69d7ab