Glossary

Administrator console: An earlier version of the Audit Manager console used to configure and monitor audit installations and to grant and manage auditor rights for users and groups.

Audit Analyzer console: A GUI that auditors use to search audit data. The console enables auditors to query audit store databases, select sessions to replay, and flag sessions for follow-up.

Audit Manager console: The management console that is used to configure and monitor the audit installation and to grant and manage auditor rights for users and groups.

Audit management database: A Microsoft SQL Server database instance that keeps track of all of the components in a single audit installation. When users query and display audit data using Audit Analyzer, the audit management database connects to the appropriate audit stores to respond to the requests. In previous versions, the component was called the audit server.

Audit management server: The Windows service that collects audit trail events when there are no audit store databases available. Only one instance of this service should run for a single audit installation.

Audit role: A specification that defines a set of audit data and access privileges for an assigned set of users or groups. Users or groups who are assigned to one or more audit roles are identified as auditors. An administrator creates different audit roles to give auditors specific access rights to appropriate audit data.

Audit store: A component of the auditing infrastructure that defines a scope of audit data in a Microsoft SQL Server database. An audit store can encompass an entire Active Directory site or a specific subnet. Only one SQL Server database can be actively receiving audit data from collectors at a time. However, an audit store can have multiple attached databases. All attached databases in the audit store are available to the audit management database, which presents audit data to auditors in response to requests from Audit Analyzer. Typically, each Active Directory site has one audit store.

Audit store database: A Microsoft SQL Server database that contains captured session data.

Audited computer: A Windows, Linux, or UNIX computer that has an agent installed to capture user activity. When auditing is enabled, auditing starts when a user logs on.

Audited system: Another term used interchangeably with audited computer to describe a Windows, Linux, or UNIX computer that has an agent installed to capture user activity.

Auditor console: An earlier version of the Audit Analyzer console that auditors use to search audit data, select sessions to replay, flag sessions for follow-up, and query audit store databases.

Audit trail: The list of commands that were audited.

Centrify UNIX agent: The collection of components on a UNIX computer responsible for access control, privilege management, and sending audit data to a collector. The Centrify UNIX agent encompasses all required and optional services that provide authentication, privilege elevation, and audit and monitoring service features on Linux and UNIX computers. On audited UNIX computers, these components include the service that intercepts traffic (cdash), the data collection service (dad), the agent configuration file (centrifyda.conf), and command line programs.

Centrify Windows agent: The collection of components on an audited Windows computer responsible for sending audit data to a collector. On Windows, these components include the service that intercepts traffic (wash), the data collection service (wdad), and the agent configuration control panel.

Collector: A Windows service that collects audit data from audited systems and sends it to an audit store.

Common component: A Windows service that captures diagnostic log information from all auditing-related components.

DirectAudit installation: A named collection of audited computers, collectors, audit stores, and an audit management database that interact. Each installation has a Master Auditor with full control over all of the components in the installation. The installation defines the boundary of audit data available. An organization can have multiple installations. For example, two corporate divisions can deploy isolated installations, or a test installation can be maintained separately from the production deployment.

DirectAudit UNIX agent: The components on an audited UNIX computer responsible for sending audit data to a collector. On UNIX, these components include the auditing shell wrapper (cdash), the data collection service (dad), the agent configuration file, and command line programs.

Centrify Authentication Service UNIX agent: The components on a UNIX system responsible for authentication and authorization services. The core component that provides these services on a managed computer is the adclient process. This agent is required for auditing on UNIX computers because it communicates with Active Directory to authenticate user credentials and evaluate role assignments.

Installation: A named collection of audited computers, collectors, audit stores, and an audit management database that interact. Each installation has a Master Auditor with full control over all of the components in the installation. The installation defines the boundary of audit data available. An organization can have multiple installations. For example, two corporate divisions can deploy isolated installations, or a test installation can be maintained separately from the production deployment.

Management database: The Microsoft SQL Server database instance that keeps track of all of the components in a single installation. When users query and display audit data, the management database connects to the appropriate audit stores to respond to the requests. In previous versions, the component was called the audit server.

Master Auditor role: The user account that has full administrative control over an installation. You cannot modify the permissions associated with the Master Auditor role. You can change who is assigned to the role.

Reporting database: A database that contains a central, partial replica of the data stored in the management database and audit store databases. The data is optimized for generating reports. Event notifications can be created for installations that have reporting enabled.