The first step in any of the audits performed by Ecora Auditor Professional is the collection of the relevant attributes from the relevant sections of the environments. For example, if an audit of all administrator password-related policies for Windows SOX compliance is desired, than the relevant attributes related to password policies need to be collected from the Windows SOX-compliant servers. The step-by-step collection process is detailed in the section bellow.
1. Click the Collect icon.
2. Collect Data:
- Save Intermediate Data To - change the name of the file where the Intermediate Data will be saved, by default (recommended) Month-Day-Year_hh:mm:ss.
- System : Group - when a System Group is defined you can select it from the drop-down menu.Once a group is selected you can also edit it by clicking the Edit button in the right.
- Attribute : Group - from the drop-down menu you can select an Attribute Group that has been previously saved. Once selected you can edit it by clicking the Edit button in the right.
If left default as Chose Interactively you will be asked in the following steps to chose both the Systems you are going to scan and the Attributes that will be collected.
3. Click OK
4. Edit Attribute Group:
Here you are prompted to select the attributes Auditor Pro will collect.
- Select the desired attribute group to be collected by checking the check-box designated for it.
- Click the "+" sign to expand the attribute group tree.
Tip: checking the box for an Attribute Main Group will automatically collect all the Attribute Sub-Groups.
In the example picture you can notice that we are collecting all the information from a Server except the attributes that require custom settings (Custom Methods, Custom WMI, File System->File Integrity Checking Info, Software->Registry Keys).Collecting with this settings is explained in the Ecora wiki section Custom Methods.
- One of the most powerful features of Auditor Pro is that it allows you to collect attributes based on an existing report (canned or custom).
Click the Use Reports button (see above picture).
In essence,
Auditor Pro will only collect the attributes needed for a specific report reducing the collection time and the space required in the database to store the data sets. The
Use Reports method allows you to select more than one report and consequently all the attributes needed for each report will be collected. Expand the Reports Tree until you reach the desired report. Select it by checking the designated check-box.
5. After you completed selecting the attributes(or after selecting report(s) if you use the Use Reports feature) click OK
- You will be asked if you would like to save the Attribute Group. Clicking Yes will open a new window where you can edit the name and description of the Attribute Group.Clicking No will continue the data collection process without saving the Attribute Group.
6. Data collection options:
- Collection options tab - use the radio button to specify the depth limit for exploring share subfolders or to set the search dept to Unlimited (all subfolders will be explored).
In our example Report properties,permissions and checksums for specified files, Report custom registry keys and Report custom methods are grayed out as no custom method is selected.Each method is explained under the Ecora wiki section Custom Methods
- Advanced tab - you can set Auditor to collect from all domain controllers, servers and/or workstations.
Tip: please be advised that this setting will remain set for all future collections and you might need to later uncheck it.
7. Click Next
8. Discover Options - chose the preferred discovery method in order to select the systems from which Auditor Pro will collect data.(see Discovery Methods section on Ecora wiki)
9. Once you have selected the desired systems click Finish.
10. The Performance warning window will appear and Auditor Pro will display the estimated time for the data collection you are about to start. This is based on the number of attributes that are collected and the number of system Auditor Pro will collect from and it is NOT precise.
Click Yes to continue.
11.You are prompted to save selected systems into a System Group.
- Clicking Yes will prompt a new window where you will be asked to provide a System Group Name.
-Click OK and the Data Collection will begin.
-Cancel will discard saving the systems in a System Group and will start the Data Collection
- Clicking No will start the Data Collection without saving the System Group for future collections.
12. Data Collection Progress - you can view all tasks Auditor Pro is performing at any point during the process.
13. Once the Data Collection is completed you can find the dataset in the left section of Auditor Pro by switching to the Data tab. The datasets are sorted by date. The latest dataset will be listed on the bottom of the section.
In our example you will see that we have the info collected for both systems under the same dataset. This is because we used the "Multiple systems per dataset" setting (see File->Settings->Output Formats).
