Here is an overview of key features of Centrify DirectAudit. For a detailed feature explanation, download our free white paper, Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security.
Centrify DirectAudit captures and collects a detailed record of privileged user sessions on Windows, UNIX and Linux systems. The DirectAudit Auditor Console gives you a central, global view of user sessions across your audited environment. Out-of-the-box views show both current and historical sessions grouped by computer, by user, and other criteria.
You can see what happened in a specific session at a high level by viewing an command/event list, or you can replay a video to see every action and every system response. You can pause, rewind, fast-forward, scrub through the timeline, or jump to a specific point. This unique playback feature gives IT security and IT auditors the ability to verify what privileged users are doing on audited systems. It also helps you proactively spot insider threats and takes the guesswork out of troubleshooting system problems.
You can use out-of-the-box views to see active sessions and historical sessions, or build your own views that show sessions by specific users, machines, time periods, or other criteria. You can also perform full-text searches for command strings and other metadata.
User session metadata is centrally collected for easy custom reporting on user activity. By adopting a non-proprietary SQL data format, DirectAudit enables robust reporting and querying through third-party tools. An event serialization service enables integration with SIEM and alerting tools.
You can configure DirectAudit to trigger auditing sessions for specific users, computers or DirectAuthorize roles. DirectAudit policies be set within a Global Zone or Child Zone, enabling secure delegation of audit policy settings.
The DirectAudit Auditor Console also gives you a centralized, real-time view of every user session on every audited Windows, UNIX and Linux system. For each session you can see who is logged on, and you can immediately drill down to see what they are currently doing.