On-Premises Exchange

On-premises Exchange remains a critical piece of business infrastructure that provides messaging, task management, and contact management services. Cygna Auditor helps you supervise activity on your on-premises Exchange Server and ensure all security controls are in place and data is protected.

Cygna Auditor tracks activity across your Exchange organization, including changes to mailboxes made by non-owners. The data is presented in a user-friendly format. With Cygna Auditor, you will never miss unauthorized access or changes to mailbox. The product allows auditing up to 2500 mailboxes per Exchange organization with no limits for auditing administrative and configuration events.

Start Collecting Data

QUICK TIP: Have you configured your Exchange Server for auditing? For more information, see Configuring Settings for On-Premises Exchange.
  1. On the Cygna Auditor home page, click the Configuration tile and then drill-down to On-Premises Exchange / Servers.
  2. Click to add a new Exchange organization.

  3. Complete the Exchange auditing configuration.

    OPTION

    DESCRIPTION

    General tab

    Enable collector

    Switch the toggle to "On".

    Name

    Provide a name. It can be your Exchange Server name or any title to help it distinguish from other on-premises Exchange collectors.

    Description

    Provide a description (such as the Exchange version, location, etc.)

    Exchange Server tab

    Account name, password

    Enter the user credentials. Specify a user name in the following format: domain\username.

    Cygna Auditor will use this account to collect audit data from the Exchange organization.

    Exchange Server

    Provide an Exchange Server name.

    Authentication mechanism

    Specify the auth method and verify connection.

    Collection Schedule tab

    Create a collection schedule

    Select to add a new schedule. You can create several schedules if needed.

    Enable scheduled job

    Switch the toggle to "On".

    Name

    Specify a name of the schedule.

    Description

    Provide a description.

    Frequency

    Cygna Auditor provides multiple options: one-time, minutes, hours, days, Monday-Friday, weekly, bi-weekly, monthly, quarterly, annually. Select how often to perform data collection depending on your auditing needs.

    Start date

    Choose when to start collecting data: immediately or specify a date.

    End date

    Specify an end day for the data collection schedule if necessary or set to "Never".

    Summary tab

    Review your auditing configuration and save it.

The Exchange organizations you configured for auditing will appear in the list.

Configuring Filters for Data Collection

Filters help you narrow down the number of events collected and processed by Cygna Auditor. Typically, the Exchange Server generates thousands of events, mostly read events, such events are regarded as noise. Create filters to audit and process the events you are interested in and skip others.

Note: The filters are optional.

  1. On the Cygna Auditor home page, click the Configuration tile and then drill-down to On-Premises Exchange / Filters.
  2. Click to add a new data collection filter.

  3. Complete the filter configuration.

    OPTION

    DESCRIPTION

    The General tab

    Enable this collection filter

    Set to "on" to activate the filter.

    Select an Exchange Server

    Pick an Exchange Server from the list.

    Name

    Provide a name for a filter

    Description

    Add an explanation what this filter is used for.

    The Who tab

    Who

    Specify users or groups to be affected by this filter. Set to one of the following:

    • Apply filter to all mailboxes and groups

    • Apply filter to the selected mailboxes and groups—search for AD users or groups and decide whether to include or exclude them. For example, exclude the Domain Admins group to skip all changes made by your system administrators.

    The What tab

    What

    Specify events to be filtered. Set to one of the following:

    • Apply filter to all events

    • Apply filter to the selected events—specify events from the list and decide whether to include or exclude them. For example, include only events made by non-owners.

    The Where tab

    Where

    Specify target users or groups for this filter. Set to one of the following:

    • Apply filter to all mailboxes and groups

    • Apply filter to the selected mailboxes and groups—search for AD users or groups and decide whether to include or exclude them. For example, include the Domain Users group.

The filters you create will appear in the list.

Continue reading:

Dashboard

Auditing

Reports