I just recently wrote a blog that started with something my Grandpa used to say: “Never try anything new. Wait and see if it kills someone first.”
I don’t think I’ve much to worry about with Netwrix Auditor VEGA. One of the first things I’ve got to say concerns the documentation. I always like anything that gives me detailed instructions, has lots of pictures, and is written at a fourth-grade level. I always tell my students and colleagues, don’t make it too complicated. I know you’re smart, now impress people who don’t know that. Netwrix has taken that to heart. Looking at their documentation, there’s no doubt in your mind how to do it. Netwrix has always been good on their documentation. Well, with Netwrix Auditor VEGA documentation, they just got better.
I built my test on a workstation turned server, running Windows 2008 R2 (all the latest patches etc.), a mere 4 GB of RAM, and processors that were new a very long time ago. I ran a baseline before the install on the system and then after the install. There was an increase in system utilization, but it wasn’t that terribly bad. So another thing I like: despite several evolutions and additions, Netwrix Auditor still isn’t a resource hog.
The biggest obstacle to my install was SQL Server 2012 Express. I don’t run any native systems with an actual SQL database on them, and so I had to back out the SQL 2008 Express install I already had. A halfhearted attempt on my part to make it work with SQL 2008 Express didn’t work too well, but then I’m not a DBA, so it may have been more that than that it wouldn’t work.
Once I got past that hurdle, the install was easy. I have a ten-cent email server in my lab setup, and getting Netwrix Auditor to communicate with it was a cinch. I thought that the report subscription service was really interesting, and would be a perfect way to stay on top of changes and who’s doing what. Backing that with a Change Ticketing system is something that almost every SOX or HIPAA auditor will ask for, so that was of course one thing that captured my attention. One thing I do like about the report subscription service is the ability to detail who gets what reports. So Security and Admin would get AD reports, your Exchange folks would get theirs, and so on.
And speaking of SOX, let’s talk reporting. One thing that jumped out at me was the number of different reports that can be run, and one in particular caught my eye, and that was the “Domain Controllers Change” report. Lately, I’ve been involved in building a number of DCs in remote areas where it’s wise to keep a weather eye on what happens with them. This report gives us the ability to know what, if anything, unexpected is happening. This is also one of the reports I’d want to get on a daily basis and again, not just me. I’m sure Security and others would take a keen interest in them.
There were a number of other reports I like. In particular, there are the VMware reports. Since Virtual Sprawl is oftentimes the end result of not knowing what’s going on in your system, this series of reports will go a long way towards making sure that doesn’t happen. It looks not only at things I would expect, but things like changes in the data stores (it accurately caught the addition of space to a VM data store I made). If you’re fighting tooth and nail to control space on your data stores, this will help.
If there’s one thing I would like to see in reporting, it’s the ability to “Personalize” it a bit. What I’m saying is a company might be more inclined to use it more, or act on what it’s telling them, if their name and company logo are on the report.
But overall, change auditing got new capabilities and a better look, and it’s still easy to use. How can you go wrong?