Welcome to the Audit, Compliance & Data Insights. Today we will show you all the features and benefits of ACDI.
Here on the homepage, we can see the total number of existing dashboards in the system, total number of reports, number of events during the last twenty-four hours, and all the objects in snapshots from the entire history of snapshots of the eDirectory.
Here are some info panels which may be configured later in Menu > Administration.
Now you can view the dashboard analytics, list of most frequently used reports, system usage data, and number of open files. Here you can monitor disk space, CPU, and RAM usage.
By clicking on the User Profile icon, you see the options to switch to dark mode, or minimize the size of the menu bar.
One of the main features of ACDI is Dashboards, where you can see the data about events in different systems, in the eDirectory, and Active Directory for now.
ACDI contains 7 default dashboards which allow you to audit events in the eDirectory or Active Directory.
This is the main NetIQ Audit Dashboard.
It visualizes data of events in the eDirectory that also comes to OpenSearch in a nice and clear format of graphics, charts, and tables.
In order to find an object, you can use the Search String.
To see processed and readable data, you need to use another tool — Reports. One of the default reports, called NetIQ Users Login Time, will help you with it.
After the “Last Name” filter has been applied, the report shows us that there is only one event for the user with last name “Strand” during the last seven days.
Let's go to our Dashboards and take a closer look at the ACDI default Dashboards. Here you have the Active Directory Audit Dashboard. It displays all the events which happened in the Active Directory.
From the NetIQ Driver Dashboards you get the data which comes from the ACDI monitor package using the third-party drivers. Currently in our system there are two drivers — AD driver and HR driver, which are configured to send events data to ACDI.
Let’s look at the NetIQ IDM System Overview Dashboard next. It provides data for total number of events in the eDirectory received either from audit by a native driver or from monitoring executed by third-party drivers.
The next dashboard — NetIQ Security Dashboard — allows you to monitor and audit various security events such as user disables and enables, lockouts by an intruder, or failed logins.
And the last of the default dashboards is the NetIQ Workflow Dashboard. It provides data received from the ACDI workflow monitor package.
The second main ACDI feature is the reporting system. As mentioned previously, the reporting system allows you to display and process data from a raw format to a more human-readable one. In the NetIQ Monitor Dashboard, we saw that one of our drivers showed lots of error events. So here the NetIQ Audit Driver Events report will be helpful to get detailed information about the error events.
ACDI also contains a long list of default reports which are to be used to audit various parts of events.
The ACDI Reporting System can create reports based on a schedule. Let’s go to the Reports page and use Schedule settings to schedule monthly reports with data about disabled users only. Here you see we choose “every month”, for instance. In the settings, you can also add the email address of report recipients. The options of Export Format include CSV, XLSX, and PDF. And we can define the email address where this report will be sent in CSV, XLSX or PDF format.
There are two groups of reports. The first group are reports based on snapshots which show users, groups, roles and resources data. They are based on the attributes in a relevant source — either eDirectory or Active Directory. And the second group are reports based on events data, on object name, attribute which was changed, old and new values.
One of the many benefits of the ACDI Reporting System is the possibility of combining different indices in one report.
For example, it can combine snapshot and audit data, base object and object link by a value.
Or it can show attributes that contain DNs of requestor, recipient, approver, as well as approval and role information.
Let’s look at how data is displayed in reports. We will use the NetIQ Audit Groups report.
For this purpose, we can use another default report — the NetIQ group Membership Report, which is based on data from snapshots.
From the data from the last snapshot, we can see that this group received thirteen new members.
The third and the last impressive feature of ACDI is History Browser, which allows us to monitor the timeline of objects in the eDirectory and the Active Directory. Let's check the important group — Admins — with help of the History Browser. At the top of the page, you see the timeline of the group snapshots and all events that happened during the selected time period.
With ACDI, you can get data about the current state of an object/objects or use compare mode to set the real object state from eDirectory from LDAP with a state from the timeline side by side.
Now we see that during the selected time period, 5 members were added. And there is also the data about the last modifier's name, modify time stamp, and revisions.
And if you need to, you can use the NetIQ Audit Groups report to check who exactly has added those members to the group. We have 3 modifiers — admin, demo admin, and TTP demo admin. This data can be used to continue the investigation. These have been the main ACDI tools to help you audit and monitor your Identity Management system.