Centrify DirectAudit Key Features Illustrated
DirectAudit combines unique session auditing and replay features across Windows, UNIX and Linux along with comprehensive searching capability and real-time-monitoring
Detailed Recording and Playback of Privileged User Sessions
Centrify DirectAudit's core feature is its ability to capture and collect a detailed record of a privileged user sessions on Windows, UNIX and Linux systems. From a single, central console and session replayer, IT security managers, IT auditors, and IT operations managers can see what happened in a specific session at a high level by viewing a command/event list, or they can replay a video of the entire session to see every action and every system response. To learn how the session capture and replay works on different platforms:
See the following sections for additional features.
Comprehensive, Easy-to-Use Query, Search and Reporting Capabilities
You can use the DirectAudit Console's out-of-the-box views to see active sessions and historical sessions, or build your own views that show sessions by specific users, machines, time periods, or other criteria. Or perform full-text searches to find, for example, all instances of a password change command across all sessions. By adopting a non-proprietary SQL data format, DirectAudit enables robust reporting and querying through third-party tools as well.
Using the DirectAudit Query wizard, you can create your own views of user sessions and export them for reporting purposes. You can perform full-text searches of transcripts, or create structured queries with multiple filtering criteria. For example, this query has been set up to find all root logins on computers whose name starts with "rhel" and an additional filter is being added to limit the query to sessions in the past month.
Real-Time Monitoring with an At-a-Glance View of All Current User Activity
The DirectAudit Auditor Console gives you a centralized, real-time view of every user session on every audited Windows, UNIX and Linux system. For each session you can see who is logged on, and you can immediately drill down to see what they are currently doing. This is an invaluable tool for both spotting suspicious activity and quickly troubleshooting system issues. By clicking on folder (such as "Active Sessions" or "This Month"), you can all the relevant sessions. You can see the user name, the system they're logged into, and start time. To see what they've been doing, just right-click to replay the session.
