Active Directory-based authentication, access control and role-based privilege management for Windows, Linux & UNIX
Standard Edition + privileged user auditing
Enterprise Edition + encryption of data-in-motion and server isolation
Any Edition + single sign-on for SAP, Apache and J2EE/Java applications
Single sign-on for cloud apps + mobile device supportMac Edition
Active Directory-based authentication and Group Policy management for Macs + mobile device supportPremium Edition
SaaS and Mac Editions + mobile device supportCentrify for Samsung KNOX
Active Directory-based SSO, MCM and MDM for KNOX-enabled devices
Wednesday, August 1, 2012
Centrify Insight was recently updated on splunkbase to version 1.3. As I have previously blogged, Centrify Insight is a free monitoring and reporting tool built on Splunk that helps you identify and analyze authentication, authorization and other events taking place on the UNIX, Linux and Mac systems managed by Centrify Suite or Centrify Suite Express.
Frequently our customers have told us that while they rely on Centrify to provide complete granular control over their UNIX and Linux systems, they leverage Splunk side by side with Centrify for visibility into the access and health of those same systems. As a result Centrify is a strong supporter and partner of Splunk. In the past year we have done several joint events including Centrify appearances at Splunk Live events, a joint webinar espousing the benefits of the Windows and Active Directory apps from splunk in combination with Centrify Insight and we have contributed as guest bloggers for Splunk. We look forward to continuing and expanding this vital partnership in the coming quarters.
One more thing: Centrify is a sponsor and will be appearing at the upcoming Splunk .conf at the Cosmopolitan Hotel in Las Vegas, September 10th through the 13th. We will have a booth showing off the latest version of Centrify Insight as well as the Centrify Suite and would love to talk with you and show you a demo. See you there!
But back to this post…In this blog post I would like to highlight a few of the main features of Centrify Insight. In addition, Centrify Insight version 1.3 adds several exciting new dashboards and features that I would like to introduce to you.
Centrify Insight provides real-time visibility into the management of, and access to, UNIX and Linux systems protected by the Centrify Suite. Centrify Insight also provides reports and forensics with respect to changes made in Active Directory, management of Centrify Zones and the health of DirectControl agents. Centrify Insight is a Splunk application that listens to Active Directory domain controllers and security event logs, as well as *NIX logs and the Centrify Suite logs to provide the type of insight you need to answer security and forensic questions about Centrify secured systems. Centrify Insight uses Splunk as an enabling platform to provide operational intelligence on the local *NIX system and Active Directory accounts, identity, access, roles and health of Centrify protected systems. And best of all, Centrify is making this available for FREE!!!
The Centrify team has been hard at work improving the capabilities, adding features and adding support for the most recent releases of the Centrify Suite and the Splunk platform.
As a reminder, Insight 1.0 initially provided answers regarding changes to Active Directory objects in order to answer questions such as “When and who changed a user, group or computer object in Active Directory” and “What attribute(s) were changed and what were the previous value(s)”. In a similar manner Insight tracked Centrify Zone changes to answer questions such as "Who Zone-enabled a user, effectively provisioning access to all systems in that Zone?” or "What attributes were changed in the Zone object and what were the previous values?". For Insight 1.3, support for the latest Zones (including hierarchy and inheritance) has been updated.
Centrify Zone Activity search pane allows you to search for any Centrify object type including changes, adds and deletes in a Zone or across many zones.
In the several iterations since Insight 1.0 including this latest 1.3 version, we have added many other important features and benefits:
One of the primary use cases for Centrify Insight is to monitor all system access attempts on systems protected by the Centrify Suite. This includes both successful and failed logon attempts by users who are either managed locally or in Active Directory. Centrify insights can also breakdown access methods (e.g. console, ssh, su), the top users accessing systems, password change attempts and even users who have access to systems but who have not logon for a period of time.
Systems Access dashboard shows statistics of user/group/computer accounts, password changes and user login attempts.
In addition to monitoring system access to particular systems, you can pivot and examine, report and alert on users access activity.
Login Statistics Overview dashboard shows summary information for systems protected by the Centrify Suite.
Finally, you can centrally monitor the health and availability of the Centrify Agent from a single dashboard using Centrify Insight.
Centrify Health Overview gives you a central dashboard of all DirectControl agents, their status and relevant errors.
Centrify Insight is available free of charge on Splunkbase. You can pick up Centrify Express here. Finally, support is available on the Centrify Insight Community, where you can exchange best practice advice with Centrify staff and other Centrify Insight users. Check it out!