EventSentry can monitor all changes to Active Directory and Group Policy objects down to the attribute level with ADMonitor, an optional Add-On.
Since Active Directory is a central database that stores all users, groups and computer objects of an organization, tracking all activity is crucial in order to maintain a secure network. Idle users and undetected changes can seriously compromise the security of a Windows domain.
Monitoring Active Directory changes using the security event log however is difficult, inefficient and cumbersome. ADMonitor solves this problem by monitoring Active Directory directly - with little reliance on the security event log.
ADMonitor offers:
ADMonitor completely integrates with EventSentry and is usually setup in less than 2 minutes.
Feature | EventSentry Built-In | EventSentry ADMonitor |
---|---|---|
Detect User & Group Changes | Yes | Yes |
Detect Any Attribute Change | No | Yes |
Before & After Values | No | Yes |
Requires Detailed Auditing | Yes | No |
Monitor Group Policy Changes | No | Yes |
Identify Problematic AD User Accounts | No | Yes |
Detect Local (Non-AD) User & Group Changes | Yes | No |
Password Expiration Reminder Emails | No | Yes |
Licensed Separately | No | Yes |
Blog Post
https://www.eventsentry.com/blog/2019/03/eventsentry-v4-0-introducing-admonitor.html
Review
https://4sysops.com/archives/eventsentry-4-0-siem-with-active-directory-monitoring/