Centrify Server Suite 2017's new Advanced Monitoring functionality preserves "identity context" even after the user uses sudo to become root.
The new "advanced monitoring" feature adds three capabilities:
- Generate audit trail events when specific programs are executed by any user.
- Generate audit trail events when any file in the directories /etc, /var/centrifyda and /var/centrifydc is modified by a non-root user.
- Get the history of programs executed in an audited session, including programs that are executed by scripts.
Do you have IBM QRadar? Are you a Centrify Server Suite customer looking to easily ingest Centrify data into QRadar?