Centrify DirectAudit

UNIX and Linux Session Auditing

Detailed, nonintrusive recording of privileged user sessions on UNIX and Linux

DirectAudit's easy-to-install, low-overhead Agent silently and transparently gathers comprehensive user session activity: what actions were taken, what changes were made to key files and data, and what system results appeared. DirectAudit records this data without interrupting the user's workflow.

Auditor Console Gives You Global View of User Sessions

The DirectAudit Auditor Console gives you a central, global view of user sessions across your audited Windows, UNIX and Linux environment. Out-of-the-box views show both current and historical sessions grouped by computer, by user, and other criteria. In this example, you can see all sessions during a specific time period: this month. Notice that the list contains both Windows and UNIX/Linux systems in a single view. Right-click on a session to replay it.

Visual Replay

Using the DirectAudit Combo Replayer, with a simple right-click you can replay any user session on any audited system to see what commands were executed, what changes were made to key files and data, and what system output appeared. You can pause, rewind, fast-forward, scrub through the timeline, or jump to a specific point — as easy as using a VCR. This unique playback feature gives IT security and IT auditors the ability to verify what privileged users are doing on audited systems. It also provides a powerful tool for monitoring real-time and historical activity, troubleshooting changes that may have led to a system failure, or documenting system configuration tasks.

In this example, clicking on the indexed event list on the left takes you directly to the place where the user tried to switch to the root account and log in. This unique session replay feature helps you proactively spot insider threats and takes the guesswork out of troubleshooting system problems.

Indexed Event List for Session Recordings

The indexed event list shows a timeline of the commands that were executed during a UNIX or Linux session, providing a high-level overview. You can use the indexed event list to start a session replay from that exact point.

In this example, you can see the user was attempting to switch to the root account.