Softpedia >Windows >Internet >Servers >Server Tools >ADAudit Plus >  Changelog

ADAudit Plus Changelog

What's new in ADAudit Plus 8.0 Build 8003

Apr 29, 2024
  • Fixes:
  • SQL injection vulnerabilities reported by minhgalaxy have been fixed.
  • An issue in adding tenant under Azure File Share configuration when Privacy Settings for GDPR are enabled has been fixed.
  • An issue in Server Audit reports getting redirected to the Server Audit configuration page when a user does not have the Windows Server license has been fixed.
  • Restrictions on data visibility under Run Query have been implemented.
  • Restrictions on privileged process execution from ADAudit Plus binaries have been implemented.

New in ADAudit Plus 8.0 Build 8002 (Mar 22, 2024)

  • Enhancement:
  • A few performance enhancements have been implemented.
  • Fix:
  • An issue with fetching Amazon FSx events has been fixed.

New in ADAudit Plus 8.0 Build 8000 (Mar 1, 2024)

  • Feature:
  • Introducing Attack Surface Analyzer that lets you detect various attacks within your on-premises, cloud, and hybrid Active Directory environments with intuitive dashboards and dedicated reports.
  • Enhancements:
  • Sysmon Auditing reports can now be accessed from the Server Audit tab.
  • The Service Account Auditing report can now be found under Process Tracking in the Process sub-tab within the Endpoint tab.
  • Custom reports can now be accessed from the Analytics tab.

New in ADAudit Plus 7.2 Build 7271 (Jan 12, 2024)

  • Feature:
  • Azure Files auditing: You can now audit every access, modification, deletion, and more across Azure file shares.
  • Fixes:
  • A few changes focused on hardening the security of agent data have been implemented.
  • An arbitrary directory traversal vulnerability (CVE-2023-50785) in Disk Space Analysis reported by SAM has been fixed.

New in ADAudit Plus 7.2 Build 7270 (Dec 29, 2023)

  • Feature:
  • Azure Files auditing: You can now audit every access, modification, deletion, and more across Azure file shares.
  • Fixes:
  • A few changes focused on hardening the security of agent data have been implemented.
  • An arbitrary directory traversal vulnerability (CVE-2023-50785) in Disk Space Analysis reported by SAM has been fixed.

New in ADAudit Plus 7.2 Build 7251 (Sep 28, 2023)

  • Enhancement:
  • "Invite external user" events in Azure will now get audited and can be viewed by navigating to Recently Created Users under the Azure AD tab.
  • Fixes:
  • An agent re-installation issue, where the latest version was not getting installed when initiated through the UI, has been fixed.
  • A DB issue, because of which Turkish users were unable to upgrade the product, has been fixed.
  • An issue with auditing permission change events for NetApp versions 9.0 and 9.1 has been fixed.
  • A parsing issue in printer auditing, because of which events with particular print document names were not captured, has been fixed.
  • An issue that caused exported Analytics reports to be missing charts when MS SQL DB is used at the back end, has been fixed.
  • An issue with EMC Isilon clusters with the same name, but belonging to different domains, not getting configured for auditing has been fixed.
  • A time zone issue in Azure AD DS auditing has been fixed.
  • An issue with user names with single quotes not getting exported under User Work Hours report has been fixed.

New in ADAudit Plus 7.2 Build 7220 (Aug 28, 2023)

  • Enhancements:
  • New reports have been added under Netlogon vulnerable Schannel Connection Audit that enable you to:
  • Track clients in your domain using RPC signing instead of RPC sealing.
  • Track trusts using RPC signing instead of RPC sealing.
  • Track clients in your domain using the weak RC4 cryptography.
  • Track clients in your domain denied by the Netlogon service for using the weak RC4 cryptography
  • Fixes:
  • In Alert Me, an issue with the event collection failure alert for Azure AD has been fixed.
  • An issue with the search and sort functionalities in the reports under Account Management category that occurred after interacting with the chart data has been fixed.
  • An issue with reading PowerShell logs when workstations are added as a workgroup has been fixed.
  • An issue with generating the archived Removable Device Plug In reports under Search Archived Events has been fixed.

New in ADAudit Plus 7.2 Build 7215 (Aug 2, 2023)

  • Enhancements:
  • Technicians' access to the alerts page can now be restricted with specific read-write permissions.
  • Reports now have the option to filter groups by their sAMAccountName when selecting group-based users.
  • Fixes:
  • Domain-level and general authorization checks have been enhanced to disallow technicians from performing unauthorized actions.
  • In Automatic Configuration, an issue that prevented the automatic addition of computers that are enabled after being temporarily disabled in AD has been fixed.
  • An issue with displaying the Username for some events in Azure AD reports when Azure AD is configured via Microsoft Office 365 API has been fixed.
  • A correlation issue that resulted in false positives in Files Moved and Files Renamed reports has been fixed.

New in ADAudit Plus 7.2 Build 7212 (Jul 10, 2023)

  • Fix:
  • Minor bugs in ADAudit Plus' agent and UBA engine have been fixed.

New in ADAudit Plus 7.2 Build 7211 (Jul 10, 2023)

  • Fix:
  • ADAudit Plus' analytics engine now uses a revised default time window for identifying anomalous user behavior.

New in ADAudit Plus 7.2 Build 7210 (Jun 23, 2023)

  • Enhancements:
  • You can now choose to configure the User Work Hours report to calculate the users' active and idle times for each day irrespective of their logoff status.
  • Shares residing in file clusters can now be added automatically for auditing through Automatic Configuration.
  • Debug logs from ADAudit Plus' database and DataEngine will now be deleted after one year to avoid disk space issues.
  • Fixes:
  • An issue that caused the product to crash due to insufficient disk space when restoring archived files has been fixed.
  • A license issue while adding workstations as a workgroup has been fixed.
  • ADAudit Plus now supports the use of email IDs as NameID in SAML SSO.
  • An issue that prevented the restoration of backed up audit data has been fixed.
  • An issue that resulted in duplicate entries in the Computer Last Startup and Shutdown report has been fixed.
  • An out of memory issue caused due to large number of files in the Processed folder has been fixed.
  • An issue that generated an authentication failure event (event ID 4768) when logging into ADAudit Plus with an unknown username has been fixed.

New in ADAudit Plus 7.2 Build 7203 (Jun 19, 2023)

  • Fixes:
  • An issue with collecting EMC Isilon events involving well-known SIDs has been fixed.
  • An issue with SID resolution in Recent LDAP Queries report for events originating from Windows Server 2008 R2 machines has been fixed.
  • A bug in the alerts engine that caused high CPU utilization and disk space issues has been fixed.

New in ADAudit Plus 7.2 Build 7201 (Jun 8, 2023)

  • Fixed:
  • An issue with displaying the changes in Folder Options in User Configuration Changes report has been fixed.
  • An issue that caused modified settings in Default Domain Controllers Policy and Default Domain Policy to be reported as additions in certain cases has been fixed.
  • An issue that caused files to remain stuck in the processed folder in certain cases due to the presence of newline character has been fixed.
  • An issue that caused the Recent LDAP Queries report to display the SID instead of sAMAccountName has been fixed.

New in ADAudit Plus 7.1 Build 7200 (May 18, 2023)

  • Features:
  • Active Directory Certificate Services (AD CS) auditing: You can now monitor all certificate-related activities on your AD CS servers using ADAudit Plus.
  • QNAP NAS auditing: You can now audit file accesses, modifications, and deletions across your QNAP NAS devices.
  • ServiceNow integration: ADAudit Plus' integration with SeviceNow enables you to generate tickets automatically for critical AD activities such as password resets, account lockouts, file modifications, deletions, and more.
  • Wi-Fi logon activity reporting: New reports that provide information on the Wi-Fi logon activity of AD users have been introduced.
  • ADAudit Plus now supports Hebrew language.
  • Enhancements:
  • You can now create and manage custom reports for Azure AD events.
  • You can now search archived Azure AD audit data.
  • A separate report that details the logon attempts by locked-out users has been added.
  • Introducing Logon Failure Summary report that summarizes all logon failures based on the failure reason.
  • ADAudit Plus UBA engine's performance has been enhanced to reduce resource consumption and scale better.
  • Performance enhancements have been implemented for faster SID resolution.
  • ADAudit Plus' Alert Me (Login > Admin tab > Alert Me) now includes new alert notifications and other enhancements:
  • A new alert notification has been added to notify when an outdated agent is in use.
  • A new alert notification has been added to notify when the size of the event data folder exceeds a configured limit.
  • Event collection failure alerts can now be configured based on threshold and time.
  • The license expiry notification can now be customized to your preferred timing.
  • Fix:
  • In Alert Me, an issue with configuring the event collection failure alerts in non-English editions of ADAudit Plus has been fixed.

New in ADAudit Plus 7.1 Build 7113 (Apr 19, 2023)

  • Fixes:
  • An issue that caused the Top Logon Failures summary report to appear disordered has been fixed.
  • An issue that resulted in non-English file names appearing as garbled text in email attachments has been fixed.
  • The number of events that can be sent in each agent request has been limited to 1000 to prevent out-of-memory issues on the server.
  • The EventData directory size in the Agent Settings page has been restricted to 10 GB to prevent disk space issues in the server.
  • An issue that caused manually deleted or disabled machines to be automatically added when Automatic Configuration is enabled has been fixed.

New in ADAudit Plus 7.1 Build 7111 (Feb 24, 2023)

  • Fixes:
  • An issue that prevented the old agent properties from being displayed in the Manage Agent page when agent re-installation fails has been fixed.
  • An issue that caused high CPU utilization on the PostgreSQL and MS SQL servers has been fixed.

New in ADAudit Plus 7.1 Build 7110 (Feb 17, 2023)

  • Enhancements:
  • The web application firewall has been refactored to enhance security and avoid cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection attacks.
  • A few enhancements focused on security hardening have been implemented.
  • Fix:
  • An issue in deleting old scheduled report files has been fixed.

New in ADAudit Plus 7.1 Build 7100 (Dec 28, 2022)

  • Enhancements:
  • ADAudit Plus now supports the more secure Modern Mail authentication.
  • The trust browser cookie for two-factor authentication has now been set as HttpOnly for enhanced security.
  • Fixes:
  • An issue in resolving the name GUID of the WMI filter Objects for the reports under Advanced AD Objects report profile has been fixed.
  • Technicians assigned the operator role will no longer be able to configure object-level auditing and the default domain controllers policy.
  • The agent sync issue in build 7090 has been fixed.
  • An XSS vulnerability in logon failure reports that was reported by Ryan has been fixed.

New in ADAudit Plus 7.0.6 Build 7091 (Dec 14, 2022)

  • Fix:
  • Issue while archiving using 7zip being blocked in anti-virus environments has been handled.

New in ADAudit Plus 7.0.6 Build 7090 (Dec 6, 2022)

  • Features:
  • Amazon FSx auditing: You can now audit file accesses, modifications, and deletions across your Amazon FSx Windows file systems.
  • In the User Services report, you can now filter the services running on your computers based on the managed service accounts, local accounts, or other accounts that are used to run them.
  • In NetApp auditing, you can now audit share permission changes and deletions.
  • Enhancements:
  • A new dashboard containing the graphical and summary view of the Azure AD reports has been introduced.
  • New reports that let you track when a service starts, stops, or fails and monitor the startup type changes have been introduced.
  • Event data from the processed folder is now processed faster than ever in the Database and DataEngine.
  • ADAudit Plus now supports EMC Isilon version 9.4
  • The Java version has been upgraded to ZuluJDK_8_0_322.
  • The Tomcat version has been upgraded to 9.0.54.
  • New options have been added to the Rebranding Settings to:
  • enable or disable the PDF cover logo.
  • enable or disable the logo in alert mail.
  • An option has been added to exclude the events of users who are deleted from an OU from appearing in the OU-based custom reports.
  • The self-signed certificate bundled along with ADAudit Plus now uses the more secure SHA-256 algorithm for encryption.
  • Fixes:
  • An issue that prevented the DataEngine from starting has been fixed.
  • A new notification has been introduced to notify when the DataEngine is restarting frequently.
  • An issue with updating the custom query cache when creating an alert profile has been fixed.
  • An issue that prevented the Caller Machine Name column from displaying the session recording link has been fixed.
  • An issue with exporting the Print Job based reports in printer auditing has been fixed.
  • The agent installation process that is interrupted due to ADAudit Plus server's unavailability will now resume once the server is available.
  • A column mismatch issue in the RADIUS Logon Failure (NPS) and RADIUS Logon History (NPS) reports has been fixed.
  • An issue that prevented account lockout events from displaying in the User Object History report in multi-domain environments has been fixed.
  • An issue with applying the license for trial users and license-expired accounts has been fixed.
  • When creating new technicians, the parent technicians can now delegate only the domains to which they have access.
  • An issue with auditing Packaged app Rules under AppLocker settings in certain cases has been fixed.

New in ADAudit Plus 7.0.6 Build 7082 (Nov 1, 2022)

  • Important update:
  • Third-party requirement for NTLMv2 SSO: To enable NTLMv2 SSO for ManageEngine ADAudit Plus in builds 7082 and above, you have to manually download the Jespa JAR file and add it to ADAudit Plus' lib folder (ManageEngineADAudit Pluslib).
  • Enhancement:
  • The Apache Commons Text jar has been upgraded from version 1.8 to 1.10.0.

New in ADAudit Plus 7.0.6 Build 7081 (Oct 28, 2022)

  • Enhancement:
  • The third-party xmlsec JAR files in the product have been upgraded to version 2.3.0.

New in ADAudit Plus 7.0.6 Build 7080 (Aug 12, 2022)

  • Features:
  • Azure Active Directory Domain Services (Azure AD DS) auditing: You can now audit logon activity and track changes to users, groups, computers, GPOs, and more across your Azure AD DS domains.
  • New Risk Detection reports that provide insights into risky sign-in attempts to Azure AD have been introduced.
  • New reports on Conditional Access Policy changes in Azure AD have been introduced.
  • New Rebranding settings that let you customize the logos and icons in ADAudit Plus' user interface and exported reports have been introduced.
  • You can now audit file accesses and permission changes across Huawei OceanStor v6 devices.
  • Enhancements:
  • A separate AdminSDHolder Permission Changes report has been added.
  • A new alert profile has been added to detect ransomware attacks.
  • A new alert profile has been added to notify when Windows is unable to write events to the security log.
  • Azure AD auditing now supports the following cloud types when using Microsoft Azure AD Premium license:
  • Azure GCC High Cloud
  • Azure for US Government (DOD) Cloud
  • Azure China Cloud
  • Azure Germany Cloud
  • Performance enhancements have been made for faster processing of permission change events.
  • Performance enhancements have been made for faster event processing from Windows File Clusters and Synology NAS devices.
  • Fixes:
  • An issue in resolving the response data for pointer records in the DNS Record Changes report has been fixed.
  • An authentication issue that occurred when using the User Principal Name (UPN) in multi-domain environments has been fixed.
  • An issue that prevented the default admin from deleting custom reports created by technicians has been fixed.
  • An issue that prevented technicians from accessing scheduled reports from delegated domains has been fixed.
  • An issue that caused EMC Isilon clusters to remain undeleted has been fixed.

New in ADAudit Plus 7.0.6 Build 7065 (Jul 10, 2022)

  • Fix:
  • An admin-only SQL injection vulnerability reported by hir0ot has been fixed.

New in ADAudit Plus 7.0.5 Build 7062 (May 17, 2022)

  • Fixes:
  • When 2FA is enabled, the second factor of authentication can now be reset for the default Admin account if you have lost your authentication device or if you are unable to retrieve the authentication codes.
  • ADSync settings can now be changed only by technicians with write access to the Domain Settings page.
  • An issue with displaying scheduled reports with special characters in the file names has been fixed.
  • In file share auditing, an issue with collecting events from mounted drives in agent mode has been fixed.
  • When creating alert profiles, an issue that caused previously selected report profiles to disappear has been fixed.
  • In Azure auditing, an issue with displaying MFA information when using Microsoft graph API has been fixed.
  • Performance improvements have been made to NetApp C-mode event processing.
  • A fix has been added to support EMC Isilon's change of syslog format in the latest versions.
  • A fix has been added to support authentication in the latest EMC Isilon versions.

New in ADAudit Plus 7.0.5 Build 7061 (May 6, 2022)

  • Features:
  • Agent to server communication is now authenticated.
  • Enhancements:
  • UI alerts and email notifications have been introduced to force password change for the default Admin account after license application.
  • Multiple alert profiles can now be copied in bulk across multiple domains.
  • Fixes:
  • An unauthenticated remote code execution vulnerability (CVE-2022-28219) reported by Naveen Sunkavally at Horizon3.ai has been fixed.
  • An issue that caused a delay in exporting reports has been fixed.
  • An issue with filtering group names using underscore (_) in custom reports has been fixed.
  • The timestamps in custom report charts now display the date and time instead of epoch time.
  • In the aggregate search feature, an issue in retrieving logon summary data has been fixed.
  • In scheduled reports, an issue that prevented charts from being exported when business hours is selected has been fixed.
  • The user session recording frames collector issue has been fixed.
  • An issue that caused newer credentials to get rejected during EMC Isilon configuration has been fixed.

New in ADAudit Plus 7.0.5 Build 7055 (Mar 8, 2022)

  • Enhancement:
  • Custom URLs can now be set for service providers while enabling SAML SSO.
  • Fixes:
  • Old Log4j jar files are now deleted automatically during the upgrade.
  • The issue that prevented Logon and File Audit reports from displaying old data after upgrading to build 7054 has been fixed.

New in ADAudit Plus 7.0.5 Build 7054 (Mar 8, 2022)

  • Fixes:
  • DataEngine, the data store of ADAudit Plus, can now query more than 2 billion records in a single search.
  • An issue in the event collection status column of AlertMe reports has been fixed.
  • A logon failure issue that occurred when a user configured in ADAudit Plus is part of multiple domains has been fixed.
  • Agent service no longer stops due to RemCom unavailability when updating the agent.

New in ADAudit Plus 7.0.5 Build 7053 (Feb 5, 2022)

  • Fixes:
  • Due to a bug event logs were repeatedly read from LDAP, DNS, System event logs. This caused sudden growth in disk space and duplicate alert issues. This has been fixed.

New in ADAudit Plus 7.0.5 Build 7051 (Jan 21, 2022)

  • Fixes:
  • The sync issues between the old agent and new server have been fixed.
  • A few out-of-memory issues have been fixed.
  • All configured file servers will now be added automatically for analysis by the DataSecurity Plus powered File Analysis functionality.

New in ADAudit Plus 7.0 Build 7050 (Jan 3, 2022)

  • Features:
  • User Session Recording: Keep track of user actions using a video recording of the users' session for all Active Directory activities.
  • A new File Analysis feature powered by DataSecurity Plus has been introduced.
  • The old and new names of renamed files are now displayed for File server auditing, File cluster auditing, and File integrity monitoring.
  • All Active Directory change activities are now reported with details about the computer from which they have been performed.
  • Enhancements:
  • Branch Office Direct Printing auditing is now supported.
  • In Azure AD auditing, information about Client app and Applied conditional access policies is now available.
  • Graphs have been added for Azure AD reports.
  • Alert profiles can now be copied across domains.
  • Alert processing has been improved by introducing an alert queue.
  • Performance improvements have been made to the User Work Hours report to get more accurate readings.
  • Performance improvements have been made to the UBA modelling engine to consume less system resources.
  • The notification banners for audit policy alert and privileged domain user alert can now be hidden.
  • Password policy has been introduced for technicians.
  • Administrators can now reset technician passwords.
  • Technician based personalization settings have been introduced.
  • Agent and Server can securely communicate via a new port (8555).
  • Agent can now be installed when automatically adding member servers and workstations in ADAudit Plus.
  • Agent is now supported for Workgroup auditing.
  • In the Automatic Configuration page, 'Run Now' option has been provided for server addition and removal.
  • Shares can now be automatically removed from ADAudit Plus when they are deleted/unshared on the server.
  • The event fetch mode can be changed to RealTime for all member servers and workstations simultaneously.
  • The resultant audit policy can be viewed for domain controllers, member servers, and workstations.
  • Real time and incremental syncing of Active Directory objects is now supported using ADSync.
  • In NetApp auditing, server's volume information can now be fetched from the conf file.
  • In Azure AD auditing, a new API which uses token based authentication has been introduced while configuring Azure AD via Office 365 account.
  • In Azure AD auditing, MFA details are now supported via the beta version of Microsoft graph API.
  • Fixes:
  • The log4net package has been upgraded to 2.0.12 (CVE-2018-1285).
  • The vulnerable log4j v1.2.15 has been removed from this build.
  • A parsing issue in importing event log files has been fixed.
  • An issue that caused 'Member added to Local Administrator' to be shown under Group Management instead of Local Account Management before the server is promoted to Domain Controller has been fixed.
  • In Azure AD auditing, an issue related to interrupted logons has been fixed.
  • In Azure AD auditing, an issue related to access token expiry has been fixed.
  • In Azure AD auditing, the certificate required for querying the Azure AD audit logs is now imported automatically.
  • A parsing issue while auditing Synology NAS events has been fixed.
  • An issue in fetching File cluster events in real time has been fixed.
  • Two-Factor Authentication (2FA) enrollment notification has been added to notify when 2FA is not configured.
  • The Alert view link configuration has been moved from the Modify Alert Profile page to Alert/Report Settings.
  • A custom LDAP query will automatically run whenever a user, computer, group or an OU object is updated.
  • When NAT device is down, agent to server communication automatically switches to the default agent port and protocol.
  • Differentiation has been made between Active Directory and Azure AD search categories while saving a report with search criteria.
  • In LDAP and PowerShell auditing, an issue related to event data duplication has been fixed.

New in ADAudit Plus 6.0.7 Build 7008 (Dec 14, 2021)

  • Fix:
  • Due to the recent Apache Log4j vulnerability (CVE-2021-44228), we have updated the Apache’s Log4j (used in ADAudit Plus in the bundled dependency) to the latest unaffected version in this release.

New in ADAudit Plus 6.0.7 Build 7007 (Nov 15, 2021)

  • Enhancement:
  • VBScript is now supported for alert script execution.
  • Fixes:
  • A fix has been added to support EMC Isilon's change of syslog format in version 9.x.
  • An error in configuring audit policies for DNS zones in some cases has been fixed.
  • Changes to IPv4 addresses, IPv6 addresses and CNAME records are now available in the DNS record changes report under Advanced DNS reports.
  • In Azure AD reports, Country, Latitude and Longitude columns now contain the relevant data.
  • An issue in exporting DataEngine reports with charts has been fixed.

New in ADAudit Plus 6.0.7 Build 7006 (Oct 7, 2021)

  • Fix:
  • A security issue in NTLM-based Single Sign-on has been fixed.

New in ADAudit Plus 6.0.7 Build 7004 (Sep 29, 2021)

  • Enhancement:
  • Security hardening has been performed on custom alert script execution.

New in ADAudit Plus 6.0.7 Build 7003 (Sep 28, 2021)

  • Enhancement:
  • Azure Active Directory (AD) can now be configured without configuring an on-premises AD domain.
  • Fixes:
  • A few logon reports that were not moved to DataEngine in build 7000 have been moved.
  • Member name column has been added under Group Management reports.
  • Issue in PowerShell event parsing when script contains 't' tab character has been fixed.
  • Azure throttle error has been handled.
  • Azure tenants that are not named onmicrosoft.com can also be configured now.
  • Issue in actor name parsing under Azure reports has been fixed.
  • Agent not communicating alert will now get suspended when a machine is deleted/disabled from AD or unconfigured from ADAudit Plus.

New in ADAudit Plus 6.0.7 Build 7000 (Aug 23, 2021)

  • Features:
  • User logon reports are now stored in the DataEngine for faster search and reporting.
  • Enhancements:
  • You can now configure network address translation (NAT) device settings from ADAudit Plus' UI. NAT devices are used in agent to server communication.
  • You can now receive email alerts when the disk space is low and when the product shuts down due to low disk space.
  • Member severs, workstations, and domain controllers are automatically configured into the product when the agent is installed on the target machine to minimize manual configuration (non-persistent VDI, Azure Virtual Desktop).
  • ADAudit Plus now supports the following remote and virtual desktop technologies through agent installation: DirectAccess, persistent, and non-persistent VDI, linked clone and full clone VDI in VM, Azure Virtual Desktop.
  • In Account Logon report under Profile-based reports, the chart type has been changed from vertical bar (3D) chart to a time series graph.
  • Fixes:
  • In File Audit reports, an issue in exporting the Folder Audit Setting Changes (SACL) report along with sub-reports has been fixed.
  • A configuration has been added to automatically change the event fetch mode to real-time when the agent is installed manually.
  • An issue related to configuration file corruption in the agent when the system drive is out of disk space has been fixed.
  • High CPU utilization while excluding files or folders from File Audit/File Integrity Monitoring has been fixed.
  • A query exception that occurred while viewing the All Users Activities and User Activities reports when logged in as a technician with delegated control over an OU has been fixed.
  • 2k3 OS servers/Domain Controllers can now use WMI event fetch mode as legacy APIs are no longer supported with Windows' latest update.
  • An issue that prevented the Computer Startup and Shutdown report from showing the Shutdown process name has been fixed.
  • In reports, an issue while using underscore "_" in the search string has been fixed.
  • The issue of an empty line appearing in xls while exporting a report with sub-report has been fixed.
  • An issue with parent domain credentials getting rejected for printer auditing in a child domain has been fixed.
  • An issue in updating the last read event time in the UI while reading the audit files from NetApp Cluster devices has been fixed.

New in ADAudit Plus 6.0.7 Build 6077 (Jul 29, 2021)

  • Fixes:
  • A startup issue that occurs on upgrading to Build 6075 has been fixed.
  • An issue that caused audited data to not be shown under Synology NAS reports has been fixed.

New in ADAudit Plus 6.0 Build 6075 (Jun 4, 2021)

  • Features:
  • Advanced DNS Server auditing: Track DNS service status, scavenging activity, zone changes, record changes, configuration changes, and more.
  • AD Replication auditing: Monitor the start and end time of replication; track replication changes, failures, and more.
  • Enhancements:
  • File Integrity Monitoring can now be implemented for workgroup servers added as member servers or workstations.
  • Day based Logon Errors report provides a summary of all logon failures every day.
  • Day based Logon Service report provides a summary of all logons daily.
  • Fixes:
  • Issue in GPO Settings Changes report for Default Domain/Domain Controller Policies in case of multiple domains has been fixed.
  • User Rights Assignment Changes report no longer shows unchanged values.
  • Domain DNS name is now displayed for success events when two domains share the same flat name.
  • Old and new value columns are no longer blank while exporting Custom Reports for User Attribute New and Old Value report.
  • Issue in filter variables for Netlogon vulnerable Schannel Connection Audit report profile has been fixed in alerts.
  • In Reports, issue in Advanced Search while using special character "_" has been fixed.
  • In Schedule Reports, issue of wrong slash (/) in mail link has been fixed.

New in ADAudit Plus 6.0 Build 6071 (May 18, 2021)

  • Fix:
  • Issue with event collection in RealTime mode has been fixed.

New in ADAudit Plus 6.0 Build 6070 (Mar 22, 2021)

  • Feature:
  • Audit file accesses and permission changes across Huawei OceanStor storage systems. Follow the steps in this guide to configure Huawei OceanStor auditing with ADAudit Plus.
  • Enhancement:
  • ADAudit Plus now uses digital code-signing to ensure the integrity of the software.

New in ADAudit Plus 6.0 Build 6067 (Feb 21, 2021)

  • Enhancement:
  • Events in Azure AD can now be collected via the Microsoft Graph API, and users can choose to move to this mode from ADAudit Plus' UI.
  • Fix:
  • A query exception in the User Work Hours report has been fixed.

New in ADAudit Plus 6.0 Build 6066 (Feb 8, 2021)

  • Enhancements:
  • Work shift timings are taken into account while calculating User Work Hours, allowing for more accurate readings.
  • Client machine name and client IP address are shown (when accessed via share) under File Integrity Monitoring reports.
  • AlertMe notifications can now be sent as unzipped files.
  • Fixes:
  • Issue in exporting aggregate reports for a custom period has been fixed.
  • Issue in saving scheduled reports as zip files when mail is configured has been fixed.
  • Issue in updating e-mail for alert profiles in bulk has been fixed.

New in ADAudit Plus 6.0 Build 6062 (Jan 11, 2021)

  • Features:
  • All user activities can now be found in a single report, under Account Management.
  • Audit and report on the use of Netlogon vulnerable Schannel connection by Windows devices.

New in ADAudit Plus 6.0 Build 6061 (Jan 11, 2021)

  • Fixes:
  • Minor bug fixes.

New in ADAudit Plus 6.0 Build 6060 (Oct 16, 2020)

  • Features:
  • Single sign-on (SSO) to ADAudit Plus through NTLM or SAML authentication: Configure SSO to access ADAudit Plus using Okta, OneLogin, Ping Identity, Federation Servers, and other custom identity providers.
  • Hitachi NAS devices auditing: Audit file accesses and permission changes across Hitachi NAS devices.
  • Enhancements:
  • Get more granular visibility into Azure Active Directory logon activity with newly added reports.
  • ADAudit Plus audit data can be forwarded to multiple Syslog/SIEM, Splunk, and ArcSight servers simultaneously.
  • Fixes:
  • The ADAudit Plus agent can be deployed on file servers which have the Domain Controller role enabled.
  • Changes made to Custom Reports (matrix view) will get reflected when they are scheduled for delivery over email in the ZIP format.
  • Alert Me notifications will no longer be generated for file shares which have been unconfigured (i.e., configured and later removed) in the product.

New in ADAudit Plus 6.0 Build 6058 (Sep 14, 2020)

  • Issue in agent based event collection has been fixed.

New in ADAudit Plus 6.0 Build 6057 (Aug 26, 2020)

  • Fixes:
  • Issue in GPO Setting Changes report has been fixed.
  • Permission to access schedule reports and GPO setting values can now be granted to technicians.

New in ADAudit Plus 6.0 Build 6056 (Aug 26, 2020)

  • Fixes:
  • Issue in User work Hours report has been fixed.

New in ADAudit Plus 6.0 Build 6055 (Aug 26, 2020)

  • Enhancements:
  • Server to agent communication has been updated to happen over HTTP. This ensures that agent service, property, and configuration sync details can be viewed under the Manage Agent tab without any hassles.
  • Agent can now be managed from the Agent Settings tab located in the Admin page.
  • Cloud directory can now be configured using Multi-Factor Authentication (MFA) enabled accounts.
  • Fixes:
  • Replication issue in High Availability set-up.
  • Stored XSS vulnerability in Business Hours and Technicians features.
  • Duplication issue in Analytics reports.
  • Issue in File Integrity Monitoring not working in systems running Japanese OS.
  • Issue with scheduled reports (saved in one-level folders) not getting deleted.
  • Issue with tabular columns in Time Series graph under Custom Reports not getting sorted.
  • Issue with Display Name column in Custom Reports for User Management.
  • Issue with privilege escalation alert getting triggered when a user exercises privileges over his own account (it will continue to get triggered when a user exercises privilege for the first time over any other account).

New in ADAudit Plus 6.0 Build 6053 (May 25, 2020)

  • Fixes:
  • Vulnerability caused due to Apache Struts has been fixed (Apache Struts dependency has been removed from ADAudit Plus).

New in ADAudit Plus 6.0 Build 6052 (May 16, 2020)

  • Fixes:
  • This release includes fixes for the unauthenticated change to integration system configuration vulnerability reported by Florian Hauser.

New in ADAudit Plus 6.0 Build 6050 (Apr 15, 2020)

  • Feature:
  • Azure AD password protection auditing — Track successful and failed password set and password change activities.
  • Enhancements:
  • LDAP auditing now provides information on secure binds, unsecure binds, and binds which have been rejected because of errors.
  • Performance improvements have been made on the Analytics module to consume less system resources.
  • Shares configured for auditing will continue to get audited, even if their location is changed.
  • Search option has been added to help select reports, under Schedule Reports.
  • Multiple SMS recipients can be included in alert profiles.
  • Alert link URL for an alert profile can be customized.
  • The entire alert profile list as well as individual alert profiles can be exported.
  • Refresh and filter options have been added to Restore Archive Events.
  • Advanced GPO reports can be forwarded to any SIEM solution
  • Old and new values of OU-level and domain-level permission changes can be forwarded to ArcSight.
  • Fixes:
  • Analytics alerts will no longer get duplicated and will display the correct domain name.
  • Program, Program(x86), and SystemRoot files will get configured by default, in File Integrity Monitoring.
  • Special characters will get parsed in Synology NAS auditing.
  • Under Alert Profile and Custom Reports filters, users and groups can be selected without any issues.
  • Special characters can be used in passwords when migrating database to MSSQL server.
  • Agent will collect data from a server even when only one among Server name, Server IP, or Server DNS is correct.
  • Under Alert me, failure events can be configured for cloud directory events.
  • Under User Created and Computer Created reports, changes to all User-Account-Control attribute values will get displayed.
  • Add To Dashboard option will not be visible to technicians who do not have the privilege to view the Dashboard (Home).
  • Under Archive Events, there will be no discrepancy between archive category size and audit data size.
  • Changes to firewall GPO settings will be audited.
  • Changes to security options settings (local security policies), newly added in 2012 R2, will be audited.
  • Login failures will no longer occur in the domain where ADAudit Plus is installed, when user name is used in the UPN format under Domain settings.
  • Technicians will no longer face login issues, when the domain flat name of configured AD and Azure AD domains is the same.