Are entered credentials submitted crypted to machines that shall be audited?
Audits are run using standard technologies.
SSH audit uses SSH. Windows audit uses WMI.
If SSH and WMI encrypt their credentials (they do) then yes.
I was just curios about if the whole communication chain is crypted. Our oae installation platform is Linux. When discovering AD for example docs say the audit script is deployed to the directory controller and run locally. The login and deployment thing is crypted then?
Short answer - yes. It uses the standard WMI/DCOM/Samba stuff.