Solutions
Centrify Your UsersSSO for SaaS & AppsSSO for Mobile AppsSSO for Mac & LinuxSmart Card Authentication
Centrify Your SecurityPrivileged User ManagementAccess ControlServer Isolation & EncryptionSecurity Policy EnforcementServer Auditing
SOXPCIFISMANERC
Centrify Your ITActive Directory BridgingNIS-to-Active-Directory MigrationMobile Security ManagementMac ManagementCross-Platform Group Policy
Federal Government
OverviewFISMA
Products
Centrify for ServersDirectControlDirectAuthorizeDirectAuthorize for WindowsDirectAuditDirectAudit for WindowsDirectSecureDirectManageCentrify Suite 2013Centrify Suite Editions
Centrify for Mac & MobileDirectControl for MacCentrify for MobileMobile Authentication Services
Centrify for SaaS & AppsCentrify for SaaSCentrify for Office 365Centrify for Java & WebCentrify for SAPCentrify for Databases
5-Minute Demos
At-a-Glance Overviews
Want to Give It a Try?
Request a Trial or Ask for Question
Services
Services OverviewJumpStart PackagesOnsite TrainingOnline TrainingFree Online TrainingRequest More Info
Support
Customer Support PortalBenefits of Technical Support
Partners
Find a Centrify Reseller PartnerTechnology PartnersCentrify & MicrosoftCentrify & SamsungIndustry Alliances
How to Work with CentrifyPartner ProgramsPartner Application FormReferral ProgramReferral Registration FormOEM OpportunitiesPartner Network Login
Resources
Centrify Suite ResourcesRemote Access Tools for Linux & UNIXActive Directory Integration for Storage SystemsCentrify Suite Deployment & Migration ToolsCentrify Cloud ToolsCentrify Suite Integration with Provisioning SystemsCentrify Suite Reporting ToolsVideo Chalktalk LibraryCentrify WebinarsCustomer Success StoriesWhite Papers & Datasheets
Centrify BlogsCentrify BlogCentrify TechnovationsLeveraging MicrosoftThe Centrify Apple GuysCentrify Express CommunityCentrify RSS Feeds
About Us
Corporate OverviewExecutive ManagementInvestorsContact UsJobs at Centrify
News
News & Events OverviewPress ReleasesAwards & ReviewsCalendar of EventsWhat the Press SaysWhat the Analysts Say
Centrify DirectAudit

Features

Here is an overview of key features of Centrify DirectAudit. For a detailed feature explanation, download our free white paper, Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security.

Detailed Recording and Playback of Privileged User Sessions

DirectAudit Query Wizard
DirectAudit Auditor Console

You have a single view that contains sessions for Windows, Linux and UNIX sessions.

ADUC Integration
ADUC Integration

You can also right-click on users in Active Directory Users and Computers and view DirectAudit-recorded sessions.

Centrify DirectAudit captures and collects a detailed record of privileged user sessions on Windows, UNIX and Linux systems. The DirectAudit Auditor Console gives you a central, global view of user sessions across your audited environment. Out-of-the-box views show both current and historical sessions grouped by computer, by user, and other criteria.

Visual Replay with Indexed Search

DirectAudit Replayer
DirectAudit Replayer: Windows Example

In this example clicking on the indexed event list on the left takes you directly to the place the admin launched a SQL Server session.

Linux Example
DirectAudit Player: Linux & UNIX Example

In this example, clicking on the indexed event list on the left takes you directly to the place where the user tried to switch to the root account and log in.

You can see what happened in a specific session at a high level by viewing an command/event list, or you can replay a video to see every action and every system response. You can pause, rewind, fast-forward, scrub through the timeline, or jump to a specific point. This unique playback feature gives IT security and IT auditors the ability to verify what privileged users are doing on audited systems. It also helps you proactively spot insider threats and takes the guesswork out of troubleshooting system problems.

DirectAudit Query Wizard
DirectAudit Query Wizard

Using the DirectAudit Query wizard, you can find sessions based on a wide variety of criteria, create your own views of user sessions, and export them for reporting purposes.

You can use out-of-the-box views to see active sessions and historical sessions, or build your own views that show sessions by specific users, machines, time periods, or other criteria. You can also perform full-text searches for command strings and other metadata.

Reporting and Alerting

User session metadata is centrally collected for easy custom reporting on user activity. By adopting a non-proprietary SQL data format, DirectAudit enables robust reporting and querying through third-party tools. An event serialization service enables integration with SIEM and alerting tools.

Policy-Based Auditing Integrated with Role-Based Authorization

You can configure DirectAudit to trigger auditing sessions for specific users, computers or DirectAuthorize roles. DirectAudit policies be set within a Global Zone or Child Zone, enabling secure delegation of audit policy settings.

Real-Time Monitoring with an At-a-Glance View of All Current User Activity

The DirectAudit Auditor Console also gives you a centralized, real-time view of every user session on every audited Windows, UNIX and Linux system. For each session you can see who is logged on, and you can immediately drill down to see what they are currently doing.

Free Trial

Test Drive DirectAudit

Request a free, fully functioning version of the Centrify DirectAudit.
White Paper

Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security