Azul Zulu Java Multiple Vulnerabilities (2023-01-17)
I am seeing ADAudit Plus flagged for this vulnerability by Tenable/Nessus, running on the latest version of ADAudit+ Azul Zulu Java Multiple Vulnerabilities (2023-01-17): https://docs.azul.com/core/zulu-openjdk/release-notes/january-2023
Looking to start fresh
Hello, I have an active license with ADAudit Plus, but I am looking to wipe the databae and start fresh. A lot of changes have been made for file servers and the current data in there is no longer needed. How can I wipe the Database and start fresh without
User Work Hours
Hi ALL. Who use report "User Work Hours" ? How it works? Every time when we run it we have different results (( Sometime report says that user don't work several days but user works everyday in office in PC with agent((
Ontapp AdAuditPlus
hello everyone, I am using Netapp Ontap v 9.12.1. I am trying to connect with AdAuditPlus. I got the following error. Error in getting Shares,The network path was not found - Error Code:35 Anyone have experience on this? Thanks. https://www.manageen
No option to add email and phone number to adaudit report.
I am attempting to run a report for new AD users created between xyz and xyz that includes all information from there AD account. Including phone number and email address as we populate those fields when creating the AD account. However I don't find where I can add those as a column in the report. Does anyone have information on this?
difference timestamp of last event vs last event read time
after installing new adaudit, it's different like this, what should I do, Any and all help is appreciated. Thanks you
User session recording
Is there a possible way to do a user screen recording when there is an action like opening a browser or compressing a file? Any and all help is appreciated. Thanks you
Audit Report/Summary not working properly
Hi all, We recently migrated our file server to new server. After the migration, Audit Plus unable to track changes on 3 shared drives, while another 3 shared drives are able to be tracked. I already configured the audit setting as per guide, already
Variable in alert email subject
I've created an alert to email me when a user is locked out - pretty easy. What I would like to do, however, is to add the following to the email subject: - username of the user who was locked - name (displayname or lastname and firstname) of the user
AD Audit Plus migrate to MS SQL
Hello! I try to transfer the database to MSSQL, but every time I get an error: [SYSERR]|[INFO]|[36]: java.sql.SQLException: Cannot find the symmetric key 'ZOHO_SYMM_KEY', because it does not exist or you do not have permission.| The rights of the sql
No data available, but policies are configured correctly.
Dear all, maybe someone already had this issue and can point me in the right direction: in ADAuditPlus (latest release), Tab Reports, I am unable to visualize any kind of information regarding LogonAudit, AD Changes, User Management... Is almost everything
Alert when user is moved out of a specific OU
I am trying, unsuccessfully, to create an alert profile that will alert when a user is moved OUT of a specific OU. I have been successful in creating an alert for when a user is moved IN to a specific OU, but not the reverse. Any help would be app
Send summary view on af specific domain
Hi. How to send the daily summary (under sumary view) only on a specific domains to someone? You can see the differences by choising domain under summary view, but the e-mail including all domains. Thanks. Long H.
ADAudit Plus Laps Report
We are looking to audit our LAPS password attribute reads, but we do not use the GUI tool from Microsoft to read the password attribute. The current LAPS Password Read report only seems to get the events that are generated by the gui tool and not the
ManageEngine security advisory
Yesterday there was an email message from security-advisory@manageengine.com with a "ManageEngine security advisory". How do I subscribe there?
openssl 3.x
Referring to https://pitstop.manageengine.com/portal/en/community/topic/does-endpoint-central-use-openssl-3-x-x-branch Is ADAudit Plus (or any other product from ManageEngine) using openssl 3.x? Reason: CVE-2022-3602 and CVE-2022-3786
Source for User Logon Reports\Logon Failures
We don't use all the aspects of AD Audit Plus, just a select few. Most of the reports we need work fine from the audit configs we have. However, under "User Logon Reports", LOgon Failures, Logon Failures based on users, failures due to Bad Password,
Event Log Audit
Am I correct in my suspicion that ADAudit Plus can't monitor ANY random event from the Windows security log? I was dissapointed when I was trying to make a report for event with Id 4657 - https://www.manageengine.com/products/active-directory-audit/kb/object-access-events/event-id-4657.html
Apache Commons Text 1.5.x < 1.10.0 Remote Code Execution (CVE-2022-42889)
It appears that ADAudit+ is possibly vulnerable to CApache Commons Text 1.5.x < 1.10.0 Remote Code Execution (CVE-2022-42889) in its current release, I have not validated this beyond our vulnerability detection software (Tenable.io). Can you please validate
Use real SSL certificate for ADAudit website?
I cannot see this in the ADAudit documentation. How can a real SSL certificate be used with ADAudit instead of the self-signed one?
Purge Old datas
Hi, I have a question regarding archiving. Currently I have set Adaudit Plus to archive datas older than 60 days. Our AdAudit Plus\pgsql\data folder is 81Go Our AdAuditplus\archive folder is 5Go But when I search for event, for example on my user, I can find event from June 2016. A little bit more than 60 days. So why I have event "active" with more than 60 days ? Another related question, if I want to purge old archive, I have just to delete the zip file on the folder ?
Remove report cover pages
Since one of the recent updates, each of the reports I've set to email to me every morning now have a cover page on them. It means that when I'm clicking through them all in the morning I now have to scroll down to the second page on every report. Is
Need to make an alert on anytime "password never expires" is set
Anyone have this alert and can tell me what is needed? Thanks
error 404 after update to 7080
Hi ALL Anybody has similar issue in build 7080
Just thought I would share. How far back you can see event data.
If anyone is wonderirng ever, to confirm when you started receiving data on your ADAudit server, just navigate to the following path: "Program Files\ManageEngine\ADAudit Plus\logs\wrapper.log" At the top is when the ADAudit service first started. So we
Steps to protect ADAudit Plus from Log4j vulnerabilities
Note: This post is not applicable for customers running build 7060 and above, as ADAudit Plus comes bundled with Log4j version 2.17.1 which is not affected by the 3 vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105). We strongly recommend
New SSL cert
I see ADManager has a GUI to replace the cert How do you update the cert for ADAudit?
Alert not working correctly - Password Never Expire Enabled
Trying to trigger an alert that ONLY triggers if the attribute "'Don't Expire Password' - Enabled" is enabled, outside of these OU's I listed. It works BUT it also triggers when the attribute is disabled(box unchecked in AD). Anyone else run into t
Backup and Restore Steps AD Audit Plus
Hi, Please someone share the simple PGSQL Backup and Restore steps for AD Audit Plus. Thanks, Ramesh
Configuration of ADAudit Lockout Report - images missing from documentation
We are trying to properly configure the Lockout Analyzer tool within ADAudit. Our investigation brought us to the documentation stored at the path below. <serverpath>/help/troubleshooting/troubleshooting.html#dap On scrolling to the section we need, the
Can't update AD Audit Plus
Hi, Running ADAudit out of the box with whatever self-signed cert that came with it. However, when I attempt to patch it, I get the following error: " Keystore file not found. Kindly import certificate before applying patch." As far as I can tell, there
Enable / Disable Configuration for Auditing
Anyone else use these settings in the screenshot that we have disabled? Are they useful?
How ADAudit Plus helps you assess your exposure to Follina (CVE-2022-30190)
Hello everyone, This forum post is to notify that ADAudit Plus' exclusive Process Tracking reports can help you detect Follina (CVE-2022-30190) exploitation attempts in your environment. Read our blog to learn more about how you can assess your exposure
Create alert for Group Policy Settings Changes
Hello, I'm hoping to create an alert based on the 'Group Policy Settings Changes' report, but don't appear to be able to. An action is seen in this report that is not detected in the GPO Management alert profiles. Is there a reason why you can create
Logs of when ADAudit accesses a server
I receive alerts about possible intrusion events. The account we set in ADAudit is the account being flagged. Is there a log that I can view that shows when ADAudit accessed a server and directory at a specific time to verify this is legit activity?
Scheduling Reports
Hello. We are wanting to schedule reports in AD Audit however we would like to see the complete list of reports that could be scheduled before we do any. However it doesn't seem like you can expand the entire lists to display all of them together. Is
GPO Management shows no data
Hello, We use a service user for AuditPlus. Most of reports are working excpet the GPO part : - No Data at all for GPO Management - No "Modified By" nor "Domain Controller" for GPO Settings Change". On "Domain Settings", Domain Controller show sometimes
Can access Audit Dashboard even though Windows Service is not running
We updated our AuditPlus to 7060 from 7000s After updating, i am able to access the web page of audit plus even though the Audit Plus windows service is not running. When i try to run the window service, it wont let me, it just goes back to stopped status.
Why is the DataEngine Xnode service / modules folder housed on the install folder?
"Program Files\ManageEngine\ADAudit Plus\apps\dataengine-xnode" I get that this feature is to reduce search times but why can't a lot of these audit logs located in the below folder to go MSSQL? Program Files\ManageEngine\ADAudit Plus\apps\dataengine-xnode\data\main\audit-log
Does ADAdut Plus support IBM V7000 SAN auditing?
We use an IBM V7000 as one of our file servers. It's a SAN but I don't see an way to add it for file auditing.
Next Page