Centrify DirectAudit

How Centrify DirectAudit Works

Centrify DirectAudit's next-generation, enterprise-scale architecture was designed to be highly scalable, secure and reliable.

Centrify DirectAudit functions like a surveillance camera for Windows, UNIX and Linux servers that hold business-critical data: HR systems, customer payment processing, or intellectual property.

Centrify DirectAudit records sessions by privileged users for use by IT auditors and enterprise SIEM solutions.

  • When privileged users — everyone from internal IT administrators and developers, to third-party vendors, to outsourced/offshore IT staff — log on to a system, DirectAudit captures their session.
  • For all platforms, DirectAudit captures a visual record that you can play back later to see exactly what happened.
  • DirectAudit also captures metadata, such as commands entered during a UNIX or Linux session, or programs launched and actions taken on a Windows system.
  • IT security managers and compliance auditors thus have both a visual record they can view and a searchable, reportable database of commands executed and actions taken.
  • IT operations managers will also find the visual playback invaluable for troubleshooting.
  • DirectAudit integrates with SIEM and third-party monitoring tools such as Microsoft System Center Operations Manager, enabling you to select events of interest and "drill down" on them to see exactly what happened.

DirectAudit's Architecture

Centrify DirectAudit consists of five components designed for enterprise-class scalability.

DirectAudit Agent

A system agent that runs on a wide range of Windows, UNIX and Linux systems and efficiently captures user activity and session output. This captured data is securely streamed to a DirectAudit Collector for processing. The DirectAudit Agent requires minimal system resources and supports offline capture spooling for unparalleled reliability.

DirectAudit Collector

The Collector runs as a Windows service that collects and compresses captured data and saves it to the Audit Store. It can handle dozens of users and hundreds of servers. Multiple Collectors can be deployed to provide load balancing and failover. New Collectors can be added on the fly with automatic configuration and discovery and no downtime.

Audit Store

Built on Microsoft SQL Server and designed to help provide massive scalability and efficient use of network resources, Audit Stores help scale session databases to multiple instances on separate hosts. Audit Stores also provide automated or manual archiving and deleting of sessions with push-button simplicity.

Audit Server

Audit Servers provide central management and enforcement of Audit Roles and execution of distributed queries across the Audit Stores. Audit Servers also centrally control, monitor and report on Audit Stores, Smart Collectors and audited systems.

Auditor and Administrator Consoles

Easy to learn and use, Windows-based consoles provide search and replay of user activity and sessions as well as a central management console. The Auditor console seamlessly executes distributed auditor queries through a powerful query search or via ad-hoc Google-style text queries. The Auditor console also launches an elegant session replayer with support for session playback, navigation and export. The Administrative Console provides central control and status of agents, collectors and stores. Additionally, the Administrative Console allows a manager to define and assign granular audit roles for limiting visibility and access to user session search and replay.