Centrify Express 2012

Centrify Insight

With Centrify Insight, you can identify and analyze authentication, authorization and other events taking place on the UNIX, Linux and Mac systems managed by Centrify Suite or Centrify Suite Express. This information strengthens organizations' compliance efforts and improves security in on-premises and cloud environments.

Centrify Insight is currently available as a Splunk App. Splunk is an engine that collects, indexes and harnesses any machine data generated by an organization's IT systems and infrastructure — physical, virtual and in the cloud. Centrify Insight listens to Active Directory domain controllers and security event logs, as well as *NIX syslog and Centrify Suite logs, to provide the insight you need to answer security and forensic questions about Centrify-managed systems. This data is captured and summarized into a series of reports and metrics that can be displayed, reported on, alerted on and analyzed at a granular level.

The Splunk App for Centrify Insight is available free of charge on Splunkbase. Support is available on the Centrify Insight Community, where you can exchange best practice advice with Centrify staff and other Centrify Insight users.

For Centrify Express users, the basic use cases are:

  • Monitor login history for both Active Directory and local accounts:
    • Successful and failed login attempts
    • Login methods used, including SSH, Telnet, and su
  • Active Directory object changes:
    • Answer the questions "[when|who] [created|deleted|updated|enabled|disabled] a [user|group|computer] Active Directory object?"
    • Answer the question "What attribute(s) changed in the Active Directory object?"
    • Answer the question "What previous value(s) did the changed attribute have?"
  • Interactively search Centrify debug logs
  • View Centrify [support|express|company] tweets