ADAudit Plus Release Notes
Build 6053 (May 2020)
- Vulnerability caused due to Apache Struts has been fixed (Apache Struts dependency has been removed from ADAudit Plus).
Build 6052 (May 2020)
- This release includes fixes for the unauthenticated change to integration system configuration vulnerability reported by Florian Hauser.
Build 6050 (April 2020)
- Azure AD password protection auditing — Track successful and failed password set and password change activities.
- LDAP auditing now provides information on secure binds, unsecure binds, and binds which have been rejected because of errors.
- Performance improvements have been made on the Analytics module to consume less system resources.
- Shares configured for auditing will continue to get audited, even if their location is changed.
- Search option has been added to help select reports, under Schedule Reports.
- Multiple SMS recipients can be included in alert profiles.
- Alert link URL for an alert profile can be customized.
- The entire alert profile list as well as individual alert profiles can be exported.
- Refresh and filter options have been added to Restore Archive Events.
- Advanced GPO reports can be forwarded to any SIEM solution
- Old and new values of OU-level and domain-level permission changes can be forwarded to ArcSight.
- Analytics alerts will no longer get duplicated and will display the correct domain name.
- Program, Program(x86), and SystemRoot files will get configured by default, in File Integrity Monitoring.
- Special characters will get parsed in Synology NAS auditing.
- Under Alert Profile and Custom Reports filters, users and groups can be selected without any issues.
- Special characters can be used in passwords when migrating database to MSSQL server.
- Agent will collect data from a server even when only one among Server name, Server IP, or Server DNS is correct.
- Under Alert me, failure events can be configured for cloud directory events.
- Under User Created and Computer Created reports, changes to all User-Account-Control attribute values will get displayed.
- Add To Dashboard option will not be visible to technicians who do not have the privilege to view the Dashboard (Home).
- Under Archive Events, there will be no discrepancy between archive category size and audit data size.
- Changes to firewall GPO settings will be audited.
- Changes to security options settings (local security policies), newly added in 2012 R2, will be audited.
- Login failures will no longer occur in the domain where ADAudit Plus is installed, when user name is used in the UPN format under Domain settings.
- Technicians will no longer face login issues, when the domain flat name of configured AD and Azure AD domains is the same.
Build 6033 (March 2020)
- RCE (CVE-2020-11531) and authentication bypass ( CVE 2020-11532) vulnerability in ADAudit Plus DataEngine reported by Sahil Dhar (xen1thlabs) have been resolved.
Build 6032 (January 2020)
- Issue with viewing Windows file cluster audit reports has been fixed.
- Interrupted logons are now reported as Logon Failures in Azure AD auditing.
- In PowerShell auditing, issue with the parsing of certain scripts has been fixed.
- Events from the adfs/services/trust endpoint will no longer be excluded from ADFS audit reports.
- The Feedback icon has been made less intrusive.
Build 6031 (December 2019)
- DataEngine startup issue has been fixed.
Build 6030 (November 2019)
- Audit file access across Synology storage devices.
- Audit PowerShell script blocks and module loads.
- Enable two-factor authentication (2FA) for login to ADAudit Plus.
- Add/remove servers and workstations automatically in ADAudit Plus, as and when they are created/deleted in your domain.
- Configure servers, workstations, and shares in bulk; in ADAudit Plus.
- NetApp and EMC Permission Changes report to provide information on before and after values of permissions.
- Locked out users report to provide information on caller's IP address.
- User work hours report to take into consideration screensaver invoke and dismiss.
- Track denied access to Remote Desktop.
- The following alert profile templates have been added, enable them to notify when:
- A disabled user is enabled
- A login attempt is made by a disabled user
- The 'Password never expires' attribute is enabled for a user
- A user's account is locked out (the notification is sent directly to the end user in this case)
- Automatic upgrade of client-side agent.
- Security vulnerabilities such as path information getting disclosed, help doc click-jacking, and others have been fixed.
- Export issue with DataEngine and a host of other issues have been fixed.
Build 6010 (August 2019)
- Technicians in ADAudit Plus can now be granted OU-level delegation.
- Besides users of the groups which have access to ADAudit Plus, users who are in a nested group can also log in to the product now.
- MySQL/MS SQL to PostgreSQL product database migration is now supported.
- Option to view audit data of all domains in a single report has been added.
- Command line arguments used by a process can now be tracked.
- Option to configure an email alert when there is no communication from agent has been added.
- Alert and Custom Report filters have been enhanced for improved user experience (regex support has also been provided for alert filters).
- Column-wise summary has been added to each table under Archive Events.
- The following default alert profiles have been added:
- Group Membership Changes
- Folder Permission Changes on Sensitive Shares
- Logon Access On Executive Servers
- PII user attributes changed and
- User, Group, Computer Modifications under an OU
- Option to manually configure High Availability of ADAudit Plus has been added.
- Tomcat has been upgraded from version 8.5.27 to 8.5.32, to overcome security vulnerabilities.
- Time series graph bug under Custom Reports has been fixed.
Build 6003 (June 2019)
- TLS 1.2 support has been included.
- The option to restrict multiple login sessions from the same user to ADAudit Plus' web client.
- The issue with loading events to MySQL due to a delimiter error has been fixed.
- The issue with forwarding events containing Hebrew characters to ArcSight SIEM via TCP has been fixed.
- The OutOfMemory error due to truncation of agent-forwarded data has been fixed.
- The issue in parsing event log data containing non-English characters has been fixed.
Build 6002 (June 2019)
- File summary reports having duplicate columns issue has been fixed.
- Reports export failure with MS SQL installed on a Spanish OS has been fixed.
- The file server junction point/mount point auditing (via the agent) issue has been fixed.
- The agent service status can now be updated without domain admin privileges.
Build 6001 (May 2019)
- The issue with configuring variable-based email addresses in Alert Profiles has been fixed.
- The startup issue on machines running operating systems in Spanish has been fixed.
- The issue with the redundant increase in the number of utilized TCP ports has been fixed.
- Fixes made to the client-side agent:
- Installation and uninstallation confirmation dialog boxes have been added.
- Changes have been made to include the right date format while fetching event data.
- The buffer limit has been increased to allow parsing of large event messages.
Build 6000 (April 2019)
- Faster search and retrieval of file audit data with ADAudit Plus's all new DataEngine.
- Smoothen out log collection over WAN connections with the ability to deploy a client-side software agent.
- Get status reports and instant alerts on the current working state of ADAudit Plus to ensure round-the-clock availability.
- Copy alert profiles and scheduled report templates to quicken creating customized reports and alerts.
- Active Directory risk assessment reports have been added to Analytics.
- Track rename activity of user/computer/groups.
- Regex support has been provided for file exclude patterns.
- While creating email and SMS alert profiles, the mailing list can be set based on multiple variables (eg. caller username, SID, etc).
- New CSRF tokens are implemented for every user session.
- A custom LDAP query can now be added to filter data in custom reports.
- The issue with downloading XLSX files from the scheduled reports' directory listing has been fixed.
- All requests (including images, JS & CSS files) now pass through a security filter.
- The 'Add Objects' pop up in 'Alert Profiles' failed to list workstations, which has now been fixed.
- Ipv6 addresses can now be resolved to get machine names.
- Occurrences of missing printer audit data fields have been fixed.
Build 5120 (October 2018)
- Now forward Azure AD audit data to your SIEM solution.
- Define alert thresholds based on multiple event fields.
- Suppress emailing of redundant alerts.
- You can now save a custom LDAP query while choosing users/computer/OU/group in the alert filter, eg., Alert logon attempts for disabled users.
- Event fields can now be included in SMS alerts.
- Support for any AD object changes in custom reports.
- Support for multiple business hour configurations.
- The unauthenticated proxy server for Azure AD issue is fixed.
- While scheduling reports, 'Don't send empty report' checkbox is now included so that empty zip files are not sent.
- While configuring email address for an alert, 'Add more recipient' can be configured directly without providing an email.
- In custom reports, the exception while adding GPO and group management reports is fixed.
- Auditing changes to Azure AD has been updated to the new event format.
- Stack overflow DOS vulnerability in the 'Domain name' field while adding a new domain has been fixed. (Courtesy: Lucas Carmo, Real Labs)
Build 5110 (June 2018)
This build has implemented the following enhancements to comply with the General Data Protection Regulation (GDPR).
- Users will be prompted for consent while integrating with third party applications.
- Password protection for exported reports, database backup, and archived audit data ZIP files.
- Database access via command prompt or client tool is secured with a password.
- Report export actions are audited.
- Sensitive information such as email server and email addresses are masked in the User Interface.
- New GDPR compliance reports and alert templates are included.
- Permission to export reports can now be defined for technician roles.
Build 5100 (April 2018)
- Active Directory User behaviour analytics.
- ADFS 4.0 support.
- Forward logs to ArcSight - CEF format support.
- Alert and custom reports filter enhanced.
- SQL injection vulnerability in 'Aggregate Search' has been fixed (CVE-2018-10466).
- Protection against Clickjacking.
- Brute force login attempts are handled.
Build 5051 (December 2017) VIDEO
- Improved data collection performance for print servers.
- Alert e-mails now contain a link to the alert profile.
- Default setting for server audit is set to "all computer objects" for a simplified view.
- Support for Arabic characters while exporting to a PDF.
- Configure ADAudit Plus to collect data from Azure Active Directory via proxy credentials.
- Export issue pertaining to data fields containing "," in PostgreSQL is fixed
Build 5050 (October 2017)
- Azure AD Auditing
- User attendance - new report.
- LDAP authentication auditing.
- Workgroup servers can be audited now.
- A comprehensive search feature encompassing reports, help, configuration pages etc., (Video)
- LAPS - New report when passwords are viewed through the "attribute editor tab"
- ADFS auditing(OAuth support).
- User names now reported on AD activities using Exchange Admin Center(EAC)
- Advanced GPO alerts configured for "All GPOs" will not work for newly created GPO.
- Scripts does not gets triggered for GPO alerts.
Build 5040 (July 2017)
- Audit EMC Isilon.
- Execute scripts to customize alert response.
- Get reports on computer startup & shutdown.
- Analyze logon failures similar to analyzing account lockouts.
- Chart issue under 'Profile Based Reports' fixed.
- 'Profile Based Reports' visible for technicians also.
Build 5030 (Mar 2017)
- Forward logs to syslog or SIEM servers.
- Support for LDAP over SSL.
- Reports from archives can be exported to PDF/CSV.
- Audit Active Directory Lightweight Directory Services(ADLDS).
- Audit Local Administrator Password Solution(LAPS).
- Create custom alert profiles directly from reports with a single click.
- Export to PDF/CSV formats 10 times faster.
- In custom reports, time series chart supports monthly/yearly time periods.
Build 5020 (Dec 2016)
- Active Directory Federation Services [ADFS] Auditing.
- Elaborate disk information provided in "Admin" pages.
- "Jump To" delegate option for technicians handled.
Highlights of Previous Releases
Build 5010 (Nov 2016)
- Account Lockout Analyzer now analyzes OWA/ActiveSync for lockout reason.
- User idle time calculation [Beta]
- Support for home page charts on-demand refresh.
- Schedule Reports - "View Reports" link gets hidden on a particular date format.
Build 5000 (Aug 2016)
- Powerful Search, Reports on Archives.
- Advanced filters for Alerts (Courtesy: Darragh O'Shaughnessy, VHI Group Ltd.,).
- Terminal Gateway Server Audit added to Custom Reports.
- Advanced Search in reports.
- Copy Custom Report feature (Courtesy: Darragh O'Shaughnessy, VHI Group Ltd.,).
- Spanning multiple IE instances in the background during service start.
- Schedule reports - business hours issue.
Build 4693 (May 2016)
- Support for Remote Desktop Gateway Server audit
- Set default time period for every report
- License corruption - product converts itself to free edition
- Vulnerability fixes
Build 4691 (March 2016)
- Configure cross-domain technicians in ADAudit Plus.
- Create custom reports for File Integrity, Printer Auditing, Server audit categories etc.
- Bulk email configuration for alert profiles.
- Configuring username/password with special characters.
- Restore archive events page navigation issues.
Build 4690 (February 2016)
ADAudit Plus adds an improved Look and Feel with a new Flat user interface.
- Complete alert email customization.
- List archive files that contain data for date range while generating report.
- Custom reports - Share based filter issue - fixed.
- Roles associated with technicians can be deleted - fixed.
- Special character support - username/password in mail server settings.
Build 4685 (November 2015)
ADAudit Plus adds support for NetApp Cluster file auditing; securely monitor and report the authorized / unauthorized document access, file / folder structure changes, shares and access permissions.
- NetApp Cluster support - File Auditing
- Track NTLM events
- Last 'N' Period support for reports
- Customize Charts in reports
- Security fixes and enhancements
- Report on deleted files using "Shift+Del" in FIM
- Performance improvements
- Adding objects with special characters to Report Profiles
Build 4681 (August 2015)
ADAudit Plus introduces ´Technician delegation & auditing´ feature, which allows administrators to delegate roles and monitor their activities in the product. Also, ADAudit Plus enhances it's ´Consolidated Audit Trail´ feature, a search based real-time reporting for Active Directory objects [user, group (new) and computer (new)]. Type object name to instantly view the change summary and in a click drill-down for an in-depth analysis.
- Technician delegation and auditing
- Search object activities has been extended to groups and computers in addition to the existing user object
- Export option for aggregate reports now available for the whole dashboard and the object search window
- GPO & Advanced GPO zip creation fixed
- Excluding objects issue fixed in Configuration audit
- CSV & PDF export issue fixed in non-English versions
- SQL injection vulnerability in Alerts tab
- Quick Search fixed in few reports
- Search option above the Reports listing
- Popup issue through AD360
- Network share modified report issue
- In configure technicians via OU / Group, user removal from group / OU handled
- Handled domain names with special characters
- Fixed export report chart name alignment issue
Build 4671 (June 2015)
ADAudit Plus empowers Windows Server administrators with aggregated reports for Compliance & security; View the change summary of every activity in Active Directory and in a click drill-down for an in-depth analysis.
- Aggregate reports.
- Search activities based on username.
- 'Reset to Default Columns' option is now available for profile based reports too.
- Performance enhancements for faster report loading.
- Issues related to fetching user/computer/group moved report (MS SQL db) have been fixed.
- Issues related to GPO Link Changes report (MS SQL & MySQL) have been fixed.
Build 4662 (March 2015)
- File Auditing
- View IP or computer name from where the file was accessed.
- View the changed file / folder properties (SACL / DACL / General) from the reports.
- User names will now be displayed for events done across domains (SID info from Global Catalog).
- User names now reported on AD activities using Exchange Management Console (EMC).
- Separate reports for file move and file rename.
- Report File Creation via event logs (Optional, Default: Snapshot comparison).
- MS Office documents modification reported properly.
- Select all in add users / computers.
- User Object History report - All group activities involving users are now reported.
- "Domain Settings" page empty and "Domain Already exists" fixed.
- Enable disabled Servers for event collection after applying a valid license based on last event time.
Build 4661 (January 2015)
Announcing custom reports in ADAudit Plus, now create reports you desire in a few clicks. Choose from the pre-configured report categories and choose the sub-categories. Further, choose the columns and add filters if you further want to drill down information for precise data. Last but not the least, you could schedule the same to be periodically e-mailed.
- Create and manage custom reports.
- Track share activity in configured Member Servers / Domain Controllers.
- Reports filtered with a search query can be saved for a quick view.
- Improved product security.
- Configurable event collection mode - Real-time / Scheduled collection.
- Audit OU based user / computer / group creation.
- Issue while sending alerts when time zone is configured.
- Printer name with non-english characters can be configured.
- Issue while selecting all objects in report generation.
Build 4651 (October 2014)
Announcing real-time change auditing for Windows Active Directory, the new feature provides administrators with real-time email alerts and a live feed of alerts in the ADAudit Plus console, when critical and unauthorized changes are made to AD.
- Real time auditing for Active Directory.
- Audit reports for (users, groups, computers, OUs) which are moved.
- Report - User services (Know the configured services across computers with user names).
- Automatic audit policy configuration for trusted domain.
- Delete history of scheduled reports periodically.
Build 4650 (July 2014)
- Real time auditing for Domain Controllers [Optional].
- Windows Server 2012 R2 support added.
- Product crash error during event collection.
- Alert for Configuration Permission Changes - 2008 Servers.
- Move Containers/Contacts reporting.
- GPO User/Computer Configuration count mismatch.
- Share based reports - Files created report fix.
Build 4640 (May 2014)
Announcing EMC (VNX / VNXe / Celerra) file share auditing; now document changes to files and folders; Audit the access, shares and permissions. Export reports for security analysis and meet compliance audits.
- File auditing support for EMC Storage Servers.
- Improved UI for 'Import Evt/Evtx Logs'.
- Out of memory fix for file creation audit.
- Event collection error fixes :
- 7A - The data area passed to a system call is too small.
- 1734 - The array bounds are invalid.
- Cyrillic characters in events handled.
- Fixed automatic Server restart issue.
Build 4630 (March 2014)
- Import backup event logs (evt / evtx logs).
- User's first and last logon report.
- Who started process in computers report.
- Add Helpdesk Technicians via Group / OU.
- Ablility to export millions of data.
- Reports can be viewed in user chosen timezone (default - installed computer timezone).
- More date and time formats supported.
- Add cluster file server shares in custom report profile - file audit.
- Add printers in bulk - Printer Configuration.
- Duplicate monitor creation issue fixed.
Build 4623 (December 2013)
- A new methodology to fetch events.
- NetApp auditing will work even when the product is installed on non-English OS.
- New filter to show the exact 'file read' for NetApp auditing.
- Scrollbar on top of reports.
- Option in Schedule reports to send mail only 'when data is available'.
- Schedule reports show basic report information when empty reports are exported.
- Select Domains for 'Log on to' option in Login page.
- Custom period deletion.
- Added 'Time Stamp of Last Event' for Member Servers, File Servers, NetApp Filers & Workstations.
- Memory leak & bulk printer adding issue for Printer auditing.
- Reports view issue for IE7 compatibility view.
- Exclude users page load issue.
- Following abilities have been removed for Operator role: Add / remove Report graph to dashboard and remove custom reports.
- Threshold alerts issue.
Build 4621 (October 2013)
ADAudit Plus latest build 4621 with the addition of Removable Storage Auditing now also for Workstations. Next addition is the page navigation below the reports, alerts and configuration and a few other fixes to enhance your Windows network environment auditing!
- Include / exclude the sub-folders in File Audit.
- Removable storage auditing now available in Workstations also.
- Page navigation at the bottom of reports, alerts and configuration.
- 'Configure Policy' alert if Advanced Audit Policy is not configured.
- Product crash due to special characters in the printer name.
- Error while configuring printers in IE8 browser.
Build 4620 (September 2013)
- Advanced Audit Policy Configuration through Product Web User Interface.
- Issue with resolving Host name in ISATAP enabled Environment.
- Issues with Scheduled Report.
- Issue in sending emails in TLS enabled Environment.
- Account Lockout Analyzer:
- Local Logon failures from all Workstations will also be notified (No need to add workstations for monitoring).
Build 4611 (August 2013)
- Service Pack issue while upgrading to 4610.
- Issue while adding a new Alert Profile while associating with a newly created Report Profile.
- A harmless exception while adding the discovered DNS servers.
Build 4610 (August 2013)
- Postgres data folder pre-bundled - faster startup.
- Cumulative Reports.
- Quick Links for reports under Reports, File Audit & Server Audit Tab.
- Move-Rename NetApp.
- License expiry mail notification.
- OU Based User Selection.
- OU Mgmt & GPO Mgmt Under Administrative User Action Report.
- Interactive Logon Failures under Local Logon-Logoff Category.
- Report Tree UI Changes.
- Crash Issue in 32 bit installation fixed.
- Account Locked out Analyzer:
- Schedule Task: Issue fixed 2k3 server and Windows XP.
- Network map drive: Issue fixed.
Build 4600 (August 2013)
With 'Account Lockout Analyzer', ADAudit Plus now helps you get to the root of user account lockout scenarios. Also, user, time and volume based threshold alerts help identify the problem precisely.
- Account Lockout Analyzer.
- DNS Server Auditing.
- AD Schema & Configuration Auditing.
- Contacts & Container Auditing.
- Windows Server 2008 Password settings Auditing.
- Threshold based Alerts.
- Caller User based Alerts.
- Business / Non Business hours in Alerts / Reports.
- Permission Reports.
- User Terminal Services attributes audit.
- Option to select 'Group' in user reports.
- Alert if product not installed as service / Alert Me Not Configured.
- Search option for reports.
- Improved performance on all report queries.
- 'Default Report' feature when clicking 'Reports' tab.
- Linked GPO Objects in Advanced GPO Objects.
- Child Domain support with parent domain credentials.
- Option to choose chart while exporting report.
- Data migration: Multiple slash in shares to MS SQL Server.
- Unable to reset 'ADAudit Plus Authentication' User's Password under Technicians.
- Key issue due to table AUDStackedGraphQueryMapping while upgrading - MS SQL.
- Primary Key Issue in Builds 4540+ while upgrading - MS SQL.
Version 4.5.0 Build 4544
- File Audit Home page not loading properly in Build Nos: 4542 and 4543.
- Unable to Change ADAudit Plus 'admin' user password in Build No:4542.
- Unnecessary commas in CSV export.
Build 4541 (February 2013)
- Postgre SQL related fixes:
- Non-English OS product start issues.
- File creation report issue fixed.
- NetApp report issue fixed.
- Chart issue in export reports fixed.
Build 4540 (December 2012)
- File Integrity Monitoring.
- Postgre SQL support.
- Event log collection fixes:
- The event log file is corrupt.
- Invalid handle.
- A required privilege is not held by the client.
- Alert Profile update fix.
Build 4530 (November 2012)
- Audit Workstation Logon & Logoff Activity.
- Share & Folder based File Audit reports.
- Folder permission change reports carry old and new values.
- Charts are now exported in PDF and HTML report formats.
- Fixes have been completed for File Audit Reports.
Build 4520 (August 2012)
- Report and Email summary of daily changes.
- Advanced GPO Audit Alerts.
- 'Run Now' for Schedule Reports.
- Dashboard View Customization.
- Bulk Modification of Alert Profiles.
- Fixes have been completed for File Audit Reports.
Build 4510 (June 2012)
- File Rename, Move & Copy are also Audited Now.
- 'Run Now' for File Creation Scheduler.
- Email notifications even after disabling alert profile.
- View Report on the 'Comments Modifications' on ADs Settings of GPO.
Build 4500 (May 2012)
- Detailed Group Policy Settings Auditing.
- Audit Reports on All Group Policy Permission Changes.
- Scrutinize the complete attribute changes of users, groups, computers.
- Distinguish the New / Old value of Attribute changes for users, groups & computers+.
- Thorough OU Permission Changes with new and old permissions*.
- Exhaustive listing of User / Group / Computer Permission Changes with new and old permissions+.
- Support for MS SQLServer as backend database (Works with MS SQLServer 2005, 2008, 2008R2).
- GPO Link Changes Reports - Enhanced Reports encompassing the New / Old value of GPLinks.
- Export the Folder Permission Changes Report with changed permissions.
- Numerous Performance Improvements.
- MS Office File modification Issue.
- Occasional delay due to unresolved IP has been solved in logon events.
- Faster processing of event log data.
- 'Handle is Invalid' error in 2008 Server w.r.t Event Collection is fixed.
- Objects stored in cache for quicker processing.
+ Supported for Windows Server 2008 and above.
Version 4.1.0 Build 4141 (February 2012)
- NetApp Filer Support.
- Performance enhancements with respect to event log collection.
- Reduce size of database - option through web client.
- 'Period' selection in 'My Reports'.
Build 4140 (January 2012)
- Support for Non-English DCs, File Servers and Member Servers.
- Pre-defined reports with user inputs can be bookmarked.
- Reports are now categorized to help meet compliance under SOX, HIPAA, GLBA, PCI and FISMA.
- Product is now compatible with User Account Control (UAC).
- 'Archiving' and 'Event Cleanup' are now merged as 'Archive Events'.
- WMI Quota Violation error in Windows Server 2008 and R2.
View further back in ADAudit Plus 'Fixes & Enhancements' History >>