Inappropriate Active Directory activity can put your sensitive resources at risk. And the longer an inappropriate change goes undetected, the more likely it is that it will have lasting negative impact to the business. Without Active Directory change notification, it's hard to be instantly aware of critical system configuration changes. Real-time Active Directory alerts are essential to enabling IT staff to proactively detect threats that can put security at risk.
Netwrix Auditor for Active Directory alerts system administrators immediately about the most critical Active Directory changes that could turn into security incidents by sending them real-time alerts about specified modifications as they happen. Administrators can enable the predefined real-time alerts provided by Netwrix Auditor, as well as create their own custom alerts.
While staying abreast of improper changes to AD is critical, it’s not sufficient to ensuring the security of your valuable assets. That’s why Netwrix Auditor also offers threshold-based alerts that notify appropriate staff about suspicious user activity. For instance, the threshold-based alert on multiple failed logons helps administrators spot threats — such as a brute-force attack — in progress, so they can respond immediately to protect systems and data.
Multiple recipients can be designated to receive any Active Directory change notification or threshold-based alert. For example, a system administrator, an IT manager and an information security officer can all receive a real-time alert whenever the membership of the Enterprise Admins group or the Domain Admins group is modified. The template of the email alert can also easily be customized.
Each Active Directory change notification or threshold-based alert includes detailed information about the event: who did what, when and where, the "before" and "after" values for each modification, and the name of a workstation for each logon. As a result, IT staff can keep a tight grip on the most critical system activity and quickly detect unauthorized or malicious users, thereby reducing the risk of security or regulatory violations significantly.