• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1505
  • Last Modified:

Active Directory Auditing with Tripwire

We have tripwire in our organization.  We want to use it to audit changes to Active Directory.  For example, we want to know:

-What accounts have been deleted in the past 30 days, and who deleted it
-What changes have been made to groups and users, and who made the change
-Changes to group policy, and who made them

etc...Basically any change/addition/deletion and who did it.

Looking for a tech guide on how to implement this with Tripwire.
0
southpau1
Asked:
southpau1
1 Solution
 
mo_patelCommented:
trip wire is expensive, dont you guys have support with it.

i am using something less cheaper but i assume its the same principles.

one i have i create threads for each event u want to monitor and maybe raise an alarm on

have a look at this for a complete list of event id's

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx
0
 
southpau1Author Commented:
Not exactly what I was looking for, but helpful nonetheless.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now