Customers are seeing great value from the session capture and replay capabilities of DirectAudit in Centrify's Server Suite. We hear about the benefits from customers all the time: examples of how DirectAudit allowed them to quickly uncover what malicious users did, or what mistakes honest users made, that caused systems and applications to go down. As in the human world, having a security camera at the system level, with the ability to search and replay, is the best way to determine what is happening or has occurred.
Customers who implement DirectAudit should implement a retention policy and purge audited sessions after a period of time. Doing so allows the Audit Store(s) to remain small, which delivers better performance. There are multiple ways to implement a data retention policy for DirectAudit, including rotating databases periodically as described on page 9 of the Database Management guide. Another option, not as well known and the focus of this article, is to purge data after a certain amount of time, for example deleting sessions older than 90 days.
Centrify provides a tool called PurgeSessions, documented in Knowledge Base article KB-3394. PurgeSessions can be scheduled to run using the Windows scheduler every 2 weeks to delete sessions older than the retention policy.