cancel
Showing results for 
Search instead for 
Did you mean: 

How to audit Discovery Accelerator ?

hbozan
Level 4
Partner Accredited

Hi Everybody,

EV version is 11.0.1

If it is possible I would like to enable auditing for Discovery Accelerator.

5 years ago it was asked in forum discuss about this issue : https://www-secure.symantec.com/connect/forums/auditing-actions-taken-discovery-accelerator 

Auditing situation for DA still is the same or is there any new work ?

Thank you,

 

1 ACCEPTED SOLUTION

Accepted Solutions

Kenneth_Adams
Level 6
Employee Accredited Certified

Hello, hbozan;

We are looking into adding auditing features to both Compliance Accelerator and Discovery Accelerator.  We tried to get some into the next major release, but we couldn't fit the development work needed into the schedule.  We're still looking into adding it into a future release, though.

For now, all we have are the reports in the existing releases and the enhanced reporting in the next major release, plus the ability to create custom SQL queries for certain information that we already keep (such as who created a search, who modified a search, who marked an item as reviewed/questioned/escalated/etc.).

Kind regards,

Ken

 

View solution in original post

12 REPLIES 12

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

DA still doesnt have auditing seperate from EV so you'd go in and enable auditing from the EV console the same way.

there's an idea posted about it you might want to vote on:

https://www-secure.symantec.com/connect/idea/discovery-accelerator-requires-audit-feature

you might also want to look into Clearwell if DA doesn't meet your requirements.

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

Do you want a report on searches ran?  It is all the same AFAIK.

you could use this:

SELECT SearchID,
            CaseID,
            NumHits,
            PrincipalName AS ModifiedBy,
            tblIntSearches.Name AS SearchName,
            tblIntSearches.ModifiedDate AS DateModified,
            CreateDate,
            tblStatus.[Name] AS SearchType,
            CreationType.[Name] AS CreationType,
            SampleResultSize,
            NativeQuery,
            NativeLegacyQuery,
            XMLText
FROM tblIntSearches
      LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[ModifiedByID] = tblPrincipal.[PrincipalID]
      INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
      INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
WHERE tblIntSearches.[StatusID] <> 858 AND PrincipalName IS NOT NULL
UNION ALL
SELECT  TypeID AS SearchID,
            tblAudit.CaseID,
            NumHits,
            PrincipalName AS ModifiedBy,
            tblIntSearches.Name AS SearchName,
            AuditDate AS DateModified,
            CreateDate,
            tblStatus.[Name] AS SearchType,
            CreationType.[Name] AS CreationType,
            SampleResultSize,
            NativeQuery,
            NativeLegacyQuery,
            XMLText
FROM tblIntSearches
      INNER JOIN tblAudit ON tblAudit.TypeID = tblintSearches.SearchID
            AND tblIntSearches.StatusID <> 858
            AND tblAudit.AuditTypeID = 1052
      LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[CreatedByID] = tblPrincipal.[PrincipalID]
      INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
      INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
ORDER BY CreateDate DESC

hbozan
Level 4
Partner Accredited

Hi AndrewB,

Thank you for reply.

In EV console Auditing is enabled but the problem is exactly the same in the URL which you've shared. 
Idea was written about 5 years ago, I've voted the idea. If every 5 year 1 people vote in 50 years it will be 10 votes :)

 So, does Clearwell have auditing for this issue ?

hbozan
Level 4
Partner Accredited

Thank you Tony for reply. I will try this query and keep it. 

We are searching a solution to trace system administrator(s)' behaviors in DA like he can change owner of a case and grant himself or grant others for temporary access and takes back changes... If there was a log for those changes in any place ( in DA server, in EV servers ... ) it would be satisfying for Audit/Security Department.

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

if i recall correctly, clearwell logs every single move/change in the system whether it's by an admin or a user

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

hbozan, did you have any more questions on this topic?

hbozan
Level 4
Partner Accredited

Hi AndrewB,

Last week I opened a case related with these Auditing Issues when the case completed I will close this topic and if there isn't any other answer from Symantec(Veritas) support I will choose your answer as solution and close this topic.

Thank you,

Kenneth_Adams
Level 6
Employee Accredited Certified

Hello, hbozan;

We are looking into adding auditing features to both Compliance Accelerator and Discovery Accelerator.  We tried to get some into the next major release, but we couldn't fit the development work needed into the schedule.  We're still looking into adding it into a future release, though.

For now, all we have are the reports in the existing releases and the enhanced reporting in the next major release, plus the ability to create custom SQL queries for certain information that we already keep (such as who created a search, who modified a search, who marked an item as reviewed/questioned/escalated/etc.).

Kind regards,

Ken

 

hbozan
Level 4
Partner Accredited

Thank you for informing us

Titoine31
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello Kenneth,

Have you any news regarding Auditing in Discovery Accelerator and / or Compliance Accelerator ?

Regards,

Antoine

Titoine31
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello all,

In DA 12.0 we can use OData web service for have some informations ... that's all at this time.

Regards,

Antoine

In the response from Kenneth he stated that "we only have the current reports with enhanced reports in the next major release".  Taking the dates into account I assume the next major release was EV12.

What do we have in EV12 to give us audit information regarding who did what & when ?

Also - I have not tried the SQL query contained in this post - does it provide good / reliable / useful information ?  What database do we run the query against ?

Thanks,

AJ.