1.2 How Change Guardian Works

Change Guardian collects events from assets using Change Guardian agents. For example, when a Windows machine logs an event such as a file property change, file creation, user permission change, or user login, Change Guardian Agent for Windows collects the event data. The event data contains the who, what, when, and where of the event.

Agents collect events based on rules set by Change Guardian policies. A policy defines what types of events are collected, assigns a risk value to an event, specifies the users who are allowed to make the change, sets event severity, and so on. When an agent collects events, Change Guardian can notify you through pre-configured emails or alerts in the dashboard.

Change Guardian provides the following interfaces to view events and take action:

Change Guardian dashboards: Allow you to view all events and manage alerts created using Change Guardian.

Administration Console: Allows you to view and interact with data collected by Change Guardian.

Change Guardian events can be forwarded to other software, such as another Change Guardian server, a Sentinel server, or Splunk Enterprise Security, for further analysis and long-term retention. Change Guardian works with Directory Resource Administrator and Identity Manager to track the identities of user accounts.

1.2.1 Change Guardian Architecture

The following diagram illustrates how Change Guardian works:

Components in the diagram and their descriptions:

Assets: Endpoints from where Change Guardian agents collect events.

Change Guardian Agents: Windows or UNIX based software that collects event data from the assets and forwards it to the Change Guardian server.

SmartConnector for Change Guardian: Collects event data in Common Event Format (CEF) from Dell EMC and Microsoft Exchange, and forwards it to Change Guardian Agent for Windows.

Change Guardian Server: A Linux-based computer that receives and stores the event data. The server also stores the policies that you create. The server provides the capabilities of searching events and creating alerts and reports.

Agent Management: A central location where you can manage agents. Agent Manager allows you to deploy and manage your agents directly on the agent host machine, or remotely install agents.

Policy Editor: A Windows-based console where you create as well as deploy policies and alerts for asset monitoring.

Change Guardian Web UI: Interfaces to dashboards and management consoles where you can view events, view and triage alerts, create event and alert routing rules, manage users, and so on.