Active Directory Long-Term Historical Reporting

Many compliance regulations require organizations to retain their audit trails for extended periods: from as little as one year to seven years or even longer. In order to comply with these standards, organizations must develop long-term data storage strategies to keep consolidated audit data for as long as needed.

Even if your organization is not subject to any information security compliance standards and doesn't have to prove continuous compliance, keeping Active Directory audit data for years in long-term archival storage is vital for security investigations. Data breaches start long before they become public, so discovering the root cause is often impossible without long-term historical data.

Many security and compliance software solutions store security data in databases only and don't have any integrated data archiving tools. As the volume of retained data grows over time, database performance can suffer, forcing the organization to either buy a more expensive database, increasing the cost of storage, or use standalone database archiving tools to compress the data.

Netwrix Auditor for Active Directory includes AuditArchive™, a two-tiered (file-based + SQL database) storage system that keeps a consolidated audit trail of Active Directory and Group Policy changes, configurations and logon activity. The audit trail is archived in a compressed format for more than 10 years, as required by compliance regulations or internal policies, and all audit data remains easily accessible at any time.

This data archiving strategy was designed to provide both high performance and long-term retention. The first tier stores collected audit data in a SQL database for fast reporting. The second tier features file-based compressed storage to facilitate long-term data archiving for historical reporting. This approach both saves disk space on your SQL Server and improves its performance in processing report queries.

By default, the data is stored for 180 days in the database and for 120 months in the file-based storage. However, both tiers have flexible retention settings that can easily be adjusted to your organization's data storage strategy.

After 180 days (or your specified period), the audit data is automatically deleted from the database, eliminating the hassle of manually archiving data in SQL Server and cleaning up afterward. If you need the data to investigate past issues, you can easily extract the audit data from the long-term archive, either granularly or in its entirety, and import it back into the audit database for your investigation.

Also, with AuditArchive™, you can specify one of your existing long-term storage solutions as the location for Netwrix Auditor to write its file-based data archive.

Microsoft MVP Don Jones states, "Netwrix offers one of the most well thought-out long-term data archival solutions, using a two-tiered system that utilizes SQL Server for reporting, and file-based compressed storage for long-term storage."