Real-Time Change Auditing for Active Directory, Group Policy, Server File System and Server Authentication Events

CPTRAX for Windows provides real-time enterprise-wide alerting and auditing for your Windows and Active Directory environments.

Functionality is provided in four separate modules (you select those modules critical to your needs).

Use CPTRAX to advance your IT compliance efforts relating to:
  • Sarbanes-Oxley (SOX)
  • Gramm-Leach-Bliley Act (GLBA)
  • Financial Services Authority (FSA)
  • Payment Card Industry (PCI) Compliance
  • Health Insurance Portability and Accountability Act (HIPAA)


Auditing for Active Directory | Group Policy | Server File System | Server Authentication

CPTRAX for Windows has four separate auditing and reporting modules that enable you to purchase only the modules that you need:

  • Active Directory Real-Time Auditing and Alerting
    • By object class for create, delete and modify
    • By attribute for add value, remove value and modify value (includes before and after values plus rollback ability)
    • By specific object or by wildcard including path
    • By schema definition changes including new object classes and attributes created
    • Real-time alert examples:
      • Any change to administrative groups
      • Any time a user's account is locked out
      • Any change to designated admin or non-admin accounts
      • Alert based on event thresholds being reached such as too many users being created

  • Windows Server File System Real-Time Auditing and Alerting
    • Server File and Folder changes, optionally including name of Share used
    • Server File and Folder permission changes and ownership changes
    • Server File access including open, create, rename (move) and delete
    • Real-time alert examples:
      • Any time designated "sensitive" data is deleted, renamed, or moved
      • Any time a file with a specified file extension is created, opened, deleted, renamed or moved
      • Any time permissions are modified on designated "sensitive" data
      • Trigger alerts on high levels of activity such as excessive file deletes

  • Windows Server Authentication Real-Time Auditing and Alerting
    • Server Authentication activity for Terminal Server and Citrix sessions, Kerberos, NTLM, NTLMSSP and FTP sessions
    • Server Authentication Failures for Kerberos, NTLM, NTLMSSP and FTP sessions
    • Reports include IP address where request originated and login name used and/or attempted (for failed authentications)
    • Real-time alert examples:
      • Any time a designated admin account enters a bad password or is locked out
      • Any time there is a failed login within a specified IP or IP Range
      • Any time a user logs into a specified IP or IP Range
      • Threshold alerting of excessive activity such as logon failures

  • Group Policy Real-Time Auditing and Alerting
    • By existing GPOs and newly created GPOs
    • By gpLink and gpOptions attributes including changes to link priority
    • By status changes (enabled, disabled including version number revisions)
    • By actual granular level changes made including separate core and non-core files auditing
    • By comparison to predetermined baseline GPO(s) or previous version compare
    • Real-time alert examples:
      • Any change to the Default Group Policy Object
      • Any change to any specified Group Policy Object
      • Activity pattern alerting such as changes to Group Policy Objects over a period of time

Auditing Questions CPTRAX for Windows will be able to answer:

"Who deleted an Active Directory Object or made the Schema Change or changed an Active Directory attribute?"

"Who deleted a file, when was it deleted, and were they logged on to their workstation or via terminal services or from some unknown IP address?"

"Was access to the file granted through a private share such as C$ or via another share?"

"Who was using a particular IP address on a specified date/time?"


Pattern alerts based on event thresholds being reached

You can set boundaries that guard acceptable behavior so you get a warning when something abnormal occurs. Thresholds can be set for any indicator in combination with a time series and/or elements of a breakdown including user, source IP address and object affected (file, folder, Active Directory user or group, GPO and so on). After a threshold is activated, the system generates a "pattern alert" message and posts it to your defined alert email addresses.

Purchasing CPTRAX for Windows

CPTRAX for Windows modules are licensed by the total number of enabled user objects. We also offer alternate per-server pricing for the File System Auditing, GPO Auditing and Logon/Logoff Auditing modules. To receive a custom quote for CPTRAX for Windows, we will need to know the number of enabled user objects or the number of Windows Servers/Domain Controllers where you will be installing CPTRAX.


CPTRAX for Windows saves a customer from CryptoWall ransomware

CryptoWall ransomware is back with new version after two months of silence

"The CPTRAX product literally paid for itself in one week!"

"I set up CPTRAX rules on our file servers to watch for the creation of filenames created by CryptoWall, and alert us via email as an early warning and additional line of defense. Less than one week after deploying CPTRAX, a laptop in the field was infected. This laptop encrypted all its files and then it moved to its drive mappings back at HQ. CPTRAX saw the creation of the decrypt instruction files and immediately alerted us via email (well, many emails). From the CPTRAX email alert, we knew who the user was and isolated him. All in all, three directories were encrypted on the server, saving thousands of files, downtime due to inaccessible files, and IT resources restoring massive amounts of data."