Change Guardian provides an integration framework for AD or IDM to track identities of each user account and what events those identities have performed.
This integration provides functionality on several levels:
The People Browser provides the ability to look up the following information about a user:
Contact information
Accounts associated with that user
Most recent authentication events
Most recent access events
Most recent permissions changes
Reports and Correlation rules provide an integrated view of a user's true identity, even across multiple systems on which the user has separate accounts. For example, accounts like COMPANY\testuser; > cn=testuser,ou=engineering,o=company, and TUser@company.com can be mapped to the actual person who owns the accounts.
By displaying information about the people initiating a given action or people affected by an action, incident response times are improved and behavior-based analysis is enabled.
NOTE:Only administrators can integrate Change Guardian with identity management systems.
Integrating AD with Change Guardian provides user information from AD and user mapping with associated incoming events. For more information, see Configuring LDAP for AD Browsing.
To view identity information and view the recent activities of a user, see Viewing Identity Data
in the Change Guardian User Guide.
If you have Identity Manager installed, you can use Change Guardian with Identity Manager to view user identity details of events. You must have the View People Browser permission to view identity details
To view user identity details:
Perform a search, and refine the search results as needed.
In the search results, select the events for which you want to view the identity details.
Click Event operations > Show identity details.
Select whether you want to view the identity of the Initiator user, the Target user, or both.
For more information about integrating identity information with Change Guardian events, see Integrating Identity Information
in the Sentinel Administration Guide.
To search and view identity information, see Searching and Viewing User Identities in the Change Guardian User Guide.