Forum Discussion

hbozan's avatar
hbozan
Level 4
10 years ago

How to audit Discovery Accelerator ?

Hi Everybody,

EV version is 11.0.1

If it is possible I would like to enable auditing for Discovery Accelerator.

5 years ago it was asked in forum discuss about this issue : https://www-secure.symantec.com/connect/forums/auditing-actions-taken-discovery-accelerator 

Auditing situation for DA still is the same or is there any new work ?

Thank you,

 

  • Hello, hbozan;

    We are looking into adding auditing features to both Compliance Accelerator and Discovery Accelerator.  We tried to get some into the next major release, but we couldn't fit the development work needed into the schedule.  We're still looking into adding it into a future release, though.

    For now, all we have are the reports in the existing releases and the enhanced reporting in the next major release, plus the ability to create custom SQL queries for certain information that we already keep (such as who created a search, who modified a search, who marked an item as reviewed/questioned/escalated/etc.).

    Kind regards,

    Ken

     

  • DA still doesnt have auditing seperate from EV so you'd go in and enable auditing from the EV console the same way.

    there's an idea posted about it you might want to vote on:

    https://www-secure.symantec.com/connect/idea/discovery-accelerator-requires-audit-feature

    you might also want to look into Clearwell if DA doesn't meet your requirements.

  • Do you want a report on searches ran?  It is all the same AFAIK.

    you could use this:

    SELECT SearchID,
                CaseID,
                NumHits,
                PrincipalName AS ModifiedBy,
                tblIntSearches.Name AS SearchName,
                tblIntSearches.ModifiedDate AS DateModified,
                CreateDate,
                tblStatus.[Name] AS SearchType,
                CreationType.[Name] AS CreationType,
                SampleResultSize,
                NativeQuery,
                NativeLegacyQuery,
                XMLText
    FROM tblIntSearches
          LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[ModifiedByID] = tblPrincipal.[PrincipalID]
          INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
          INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
    WHERE tblIntSearches.[StatusID] <> 858 AND PrincipalName IS NOT NULL
    UNION ALL
    SELECT  TypeID AS SearchID,
                tblAudit.CaseID,
                NumHits,
                PrincipalName AS ModifiedBy,
                tblIntSearches.Name AS SearchName,
                AuditDate AS DateModified,
                CreateDate,
                tblStatus.[Name] AS SearchType,
                CreationType.[Name] AS CreationType,
                SampleResultSize,
                NativeQuery,
                NativeLegacyQuery,
                XMLText
    FROM tblIntSearches
          INNER JOIN tblAudit ON tblAudit.TypeID = tblintSearches.SearchID
                AND tblIntSearches.StatusID <> 858
                AND tblAudit.AuditTypeID = 1052
          LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[CreatedByID] = tblPrincipal.[PrincipalID]
          INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
          INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
    ORDER BY CreateDate DESC

  • Hi AndrewB,

    Thank you for reply.

    In EV console Auditing is enabled but the problem is exactly the same in the URL which you've shared. 
    Idea was written about 5 years ago, I've voted the idea. If every 5 year 1 people vote in 50 years it will be 10 votes :)

     So, does Clearwell have auditing for this issue ?

  • Thank you Tony for reply. I will try this query and keep it. 

    We are searching a solution to trace system administrator(s)' behaviors in DA like he can change owner of a case and grant himself or grant others for temporary access and takes back changes... If there was a log for those changes in any place ( in DA server, in EV servers ... ) it would be satisfying for Audit/Security Department.

  • if i recall correctly, clearwell logs every single move/change in the system whether it's by an admin or a user

  • hbozan, did you have any more questions on this topic?

  • Hi AndrewB,

    Last week I opened a case related with these Auditing Issues when the case completed I will close this topic and if there isn't any other answer from Symantec(Veritas) support I will choose your answer as solution and close this topic.

    Thank you,

  • Hello, hbozan;

    We are looking into adding auditing features to both Compliance Accelerator and Discovery Accelerator.  We tried to get some into the next major release, but we couldn't fit the development work needed into the schedule.  We're still looking into adding it into a future release, though.

    For now, all we have are the reports in the existing releases and the enhanced reporting in the next major release, plus the ability to create custom SQL queries for certain information that we already keep (such as who created a search, who modified a search, who marked an item as reviewed/questioned/escalated/etc.).

    Kind regards,

    Ken

     

    • Titoine31's avatar
      Titoine31
      Moderator

      Hello Kenneth,

      Have you any news regarding Auditing in Discovery Accelerator and / or Compliance Accelerator ?

      Regards,

      Antoine

      • Titoine31's avatar
        Titoine31
        Moderator

        Hello all,

        In DA 12.0 we can use OData web service for have some informations ... that's all at this time.

        Regards,

        Antoine