ManageEngine ADAudit Plus is a UBA-driven auditor that fortifies your Active Directory (AD) security infrastructure. With over 250 built-in reports, it provides you with granular insights into what’s happening within your AD, such as all changes made to objects and their attributes. This can include changes to users, computers, groups, network shares, and more. ADAudit Plus also helps monitor privileged user activities in the domain, track logons and logoffs on workstations, and provide visibility into AD account lockouts.
In this blog series, we’ll look at the numerous reports that ADAudit Plus provides.
The User Logon Reports category features 16 preconfigured reports that display granular audit details related to user logons, logon failures, users logged in to multiple computers, and more.
In our third blog of this series, we’ll shed light on the next report in the User Logon category: the Users First and Last Logon By Computers report. You can quickly brush up on the first two blogs here: Discover how to utilize the essential User Logon report from ADAudit Plus: Logon Failures and Audit day-based logon errors: ADAudit Plus User Logon report.
Say hi to James, an IT admin from ABC Corp., whose organization has become a victim of a cybercrime and who now wants to audit users’ first and last logins on the day of attack.
Problem: How can James track when a user performed the first and last login on a particular day?
Solution: The Users First and Last Logon By Computers report in ADAudit Plus helps James generate a report on the first and last times users logged in based on the computers.
Figure 1. This screenshot shows the Users First and Last Logon By Computers report in ADAudit Plus
The report helps James by providing him with essential details like:
1. Username
2. The date and time of the first and last login attempts
3. The count associated with each user’s login per day
4. The client IP address
As seen in Figure 1, the generated report provides all the pertinent information regarding the first and the last time a user performed a login by computer. This report is highly beneficial for admins like James since it also provides granular insights into the number of times each user performed the user login action for the first and the last time.
The report would also help James in conducting a forensic analysis after a cyberattack, and allow him to identify which user’s system was compromised to execute the attack.
Further, James can perform the following actions on the generated report:
1. Select Export As to generate the report in any of the preferred formats (CSV, PDF, HTML, or XLS).
2. Schedule these reports to run at a preferred time for automatic, periodic reporting, and have them sent to his email address.
3. Use the Add/Remove Column feature available in the report to select additional attributes.
4. Generate reports by selecting multiple domains.
The who, when, and where information is critical for IT admins to get a clear picture and understanding of what’s happening in their AD, which can be easily viewed using the extensive reporting module of ADAudit Plus.
Sign up for a personalized demo with our product experts to explore how ManageEngine ADAudit Plus can assist you with monitoring and securing your AD environment.