...

Every environment is different, and we understand that. We are often asked whether Open-AudIT is PCI DSS compliant, or whether it can audit in a DMZ (demilitarized zone) or an air-gapped network. The answer to all of these questions is yes; however, it is a matter of process. This How-To is designed to help you think through that process and assist in implementing Open-AudIT in a variety of complex network environments. Follow the chart, decide which audit methods are most relevant to you and your team, and see the instructions below on how to accomplish these complex audits.

Link B - How to use Active Directory Discovery

Link C - Collector / Server

Link D - Auditing with a Script

Link E - Building your Network Discovery 

Auditing with a script

Open-AudIT can perform audits with just the proper credential set for a device or subnet. In some cases, however, there may be no internet access, or the machine may be remote; this is when auditing with a script comes in handy.

...

The script's variables can be set the same way as the variables in audit_windows.vbs. For example, you could set the $url variable dynamically when you run the script:

Code Block
./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices

The variables that are accepted on the command line are: 

...

Copy the audit script to a USB drive, go to the remote computer and insert the USB drive. Open a command prompt and navigate to where you copied the script. Run the script and output to an XML file using the command:

Code Block
cscript audit_windows.vbs strcomputer=. submit_online=n create_file=y

An XML file named COMPUTERNAME_DATE.xml should be created. Close the terminal window. Remove the USB drive and go to a computer with Open-AudIT connectivity. Open the XML file and copy its contents, then log in to the Open-AudIT web application and go to menu -> Manage -> Devices -> Create Devices. You will see options for manually copying and pasting the file contents or uploading the file directly.
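
A pre-upload check for the exported files, run on the connected computer before using Create Devices. This is an added example, not part of Open-AudIT or of the original page; the file-name pattern, the size cap and the sample XML are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
import xml.parsers.expat
from pathlib import Path

# Assumption: the page gives only the COMPUTERNAME_DATE.xml shape, not the
# DATE format, so any non-empty suffix after the underscore is accepted.
NAME_RE = re.compile(r"^[A-Za-z0-9.-]+_[^/\\]+\.xml$")
MAX_BYTES = 50 * 1024 * 1024  # hypothetical size cap, adjust to your site

def _reject_doctype(*_args):
    # A DTD can carry entity-expansion or external-entity payloads.
    raise ValueError("DOCTYPE not allowed")

def check_audit_file(path):
    """Return (ok, detail): detail is the SHA-256 if ok, else the reason."""
    path = Path(path)
    if not NAME_RE.match(path.name):
        return False, "unexpected file name"
    data = path.read_bytes()
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized file"
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    try:
        parser.Parse(data, True)  # well-formedness check only, no schema
    except (xml.parsers.expat.ExpatError, ValueError) as exc:
        return False, f"rejected: {exc}"
    return True, hashlib.sha256(data).hexdigest()

def triage(directory):
    """Check every *.xml file in a directory copied off the USB drive."""
    return {p.name: check_audit_file(p) for p in sorted(Path(directory).glob("*.xml"))}

def demo():
    # Constructed sample files, not real Open-AudIT output.
    samples = {
        "PC01_20240101.xml": b"<audit><host>PC01</host></audit>",
        "PC02_20240101.xml": b"<audit><host>PC02",  # truncated copy
        "PC03_20240101.xml": b'<!DOCTYPE a [<!ENTITY e "x">]><audit>&e;</audit>',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_bytes(body)
        return triage(tmp)

if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(name, "OK" if ok else "REJECT", detail)
```

Recording the printed SHA-256 alongside the upload gives you a way to confirm later that the file imported is the file that left the isolated network.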

...

If you can see the computer on the network and it has its firewall opened to allow remote WMI/VBScript, you can run the audit script using the remote credentials.

Code Block
cscript audit_windows.vbs strcomputer=REMOTE_COMPUTER_NAME struser=REMOTE_DOMAIN/REMOTE_USERNAME strpass=REMOTE_PASSWORD

You may need to substitute the string "workgroup" or the remote computer name for REMOTE_DOMAIN above.

Active Directory discovery

How to use Active Directory Discovery

Other Commands

This command will run the audit on the local PC and output the results to a file (in the current directory). The "." can be used in place of the local machine name:

...

How to audit a subnet using a script

How to use Active Directory Discovery

Configuring Open-Audit with HTTPS/SSL

...