Quest Change Auditor

Monitoring Active Directory (AD) and hybrid Microsoft environments


Change Auditor


Active Directory continues to be the cornerstone for securing access to business-critical applications. Yet change reporting and vulnerability monitoring for AD is cumbersome, time-consuming, and often impossible using system-provided IT auditing tools. Adopting Azure AD only increases your reliance on Active Directory (AD), while doubling the attack surface and introducing additional opportunities for ransomware and other exploits. This often results in data breaches and insider threats that can go undetected without protections in place. Fortunately, Change Auditor provides real-time threat monitoring and security tracking of all key user activity and administrator changes.

Change Auditor is a complete set of real-time Active Directory auditing tools offering in-depth forensics and security threat monitoring on all key configuration, user and administrator changes in your AD environment. Change Auditor tracks Active Directory changes and detects indicators of compromise (IOCs) across AD and Azure AD to thwart attackers and their attempts to deploy ransomware. Additionally, Change Auditor tracks lateral movement of adversaries across the network and audits suspicious user activity.

Quelle: Quest

is a partner
and we have been using Quest monitoring and compliance products with our customers for many years. For example, Change Auditor for Windows File Server and Windows Active Directory.

Hybrid security monitoring

Audit all security changes across your AD and Azure AD environments, including user and group changes, as well as exploits such as DCSync and DCShadow attacks, AD database exfiltration, and SIDHistory use.

360° security protection

Experience comprehensive Active Directory auditing tools offering everything from upfront vulnerability assessment to intrusion detection and monitoring of compromised accounts. Change Auditor has you covered at every step.

Threat detection

Detect threats early – including unauthorized domain replication, offline extraction of your AD database, and domain-level GPO linking – to mitigate and avoid costly ransomware attacks.

Normalized 5W audit details

Translate cryptic system-provided logs into a simple, normalized format highlighting the who, what, when, where and workstation details, and before and after values.

Threat prevention

Block attackers from making changes to critical groups, GPO settings and linking or exfiltrating your AD database to steal credentials – regardless of the privileges they’ve hijacked.

Real-time alerts on the move

Send critical change and pattern alerts to email and mobile devices to prompt immediate action, even while you’re not on site.

Forensic reporting

Track Active Directory changes with a detailed audit trail of every change made to AD and Azure AD, including who made them, without the blind spots of built-in auditing functions.

Account lockout

Capture the originating IP address/workstation name for account lockout events to simplify troubleshooting.

Quelle: Quest

Change Auditor

Important functions and features

Security threat monitoring
Detect attack attempts, lateral movement through your network, and post-attack damage done to your critical workloads like Exchange and file systems with this comprehensive set of Active Directory auditing tools. 
Related searches
Use this comprehensive set of Active Directory auditing tools for instant, one-click access to all information on the change you’re viewing and all related events, such as what other changes came from specific users and workstations, eliminating guesswork.
AD-change rollback
Restore previous values on unauthorized, mistaken or improper changes with the click of a button, directly from the Change Auditor console.
SIEM integration
Enrich SIEM solutions including Sentinel, Splunk, ArcSight, QRadar or any platform supporting Syslog by integrating Change Auditor’s detailed activity logs.
Threat timelines
View, highlight and filter change events and discover their relation to other threat events in chronological order across your AD and Azure AD environment for better forensic analysis and security incident response.
Superior auditing engine
Track Active Directory changes without the need for system-provided audit logs, eliminating blind spots, and resulting in increased visibility of suspicious user activity.
Secure AD attack paths
Identify Tier Zero assets and the attack paths to them using BloodHound Enterprise and monitor and secure those attack paths to avoid exploits with Change Auditor. 
Auditor-ready reporting
Generate comprehensive reports to support regulatory compliance mandates for GDPR, PCI DSS, HIPAA, SOX, FISMA / NIST, GLBA and more.

Quelle: Quest

Change Auditor


Change Auditor for Active Directory and Change Auditor for Logon Activity detect and report changes to critical objects in Microsoft Active Directory and Azure AD – all with a single, correlated view of your hybrid AD environment. Track Kerberos, NTLM and ADFS authentications to identify vulnerabilities and exploits.

With just a few clicks, you can link Change Auditor and On Demand Audit to get a single hosted view of all changes made to AD, Azure AD, Exchange Online, SharePoint Online, OneDrive for Business and Teams.

Change Auditor for Windows File Servers helps you to efficiently and cost-effectively control and audit changes in Microsoft Windows Server environments. Proactively track and audit important changes, including user and administrator accounts, and benefit from relevant reports and alerts – all in real time and without the hassle of native auditing.

Change Auditor for Exchange simplifies Exchange auditing. Track and audit changes locally in Microsoft Exchange as well as in Exchange Online and benefit from corresponding reports and alerts – all in real time in a single, correlated view.

Change Auditor for SQL Server ensures simple and secure database auditing for Microsoft SQL Server. The solution enables the tracking and auditing of changes as well as the creation of corresponding reports and alerts – in real time. Events are described in a straightforward way so that auditing is neither time-consuming nor complex.

Ensure the security, compliance and control of files, folders and shares by tracking, auditing, reporting and alerting on all changes in real time. With Change Auditor for NetApp and Change Auditor for EMC, you can analyze and report on events and changes without the complexity and time associated with built-in auditing capabilities.

Change Auditor for SharePoint enables faster, easier and more secure auditing of SharePoint, SharePoint Online and OneDrive for Business. This solution makes events easy for users to understand and stores data in a centralized and secure database. It also monitors and audits important changes in real time and provides reports and alerts on these changes in relation to the following:

  • SharePoint farms, servers, sites, users, permissions, etc.
  • File and folder activity and moving sensitive data to and from OneDrive for Business

Quelle: Quest

External Links (provided by Quest®):

Free Trial of Change Auditor

Get your free 30-day trial version today.

Change Auditor for Active Directory

Download Free trial

Change Auditor for Windows File Servers

Download Free Trial

Change Auditor for Logon Activity

Download Free Trial