Auditing and Analysis Scripting Guide

This guide describes the Audit Module for PowerShell command set. These PowerShell cmdlets run on Windows computers and can be used to automate auditing-related management tasks, such as the creation of new audit store databases. You can also use the cmdlets to get or set properties for an installation and perform other administrative tasks. For example, you can write scripts to find and remove sessions matching specific criteria, export audit trail events, or manage audit roles and auditor assignments.

Intended Audience

This guide provides information for auditing infrastructure administrators who want to use PowerShell scripts to manage auditing-related features and components of Verify Privilege Server Suite software. This document supplements the help provided within the PowerShell environment using the get-help function. Whereas the get-help function describes each cmdlet in detail, this document provides an introduction to the Auditing Module for Windows PowerShell objects and how you can use PowerShell cmdlets and scripts to perform auditing-related tasks.

This guide assumes general knowledge of PowerShell scripts and syntax, and of the Windows PowerShell modules used to write scripts for Active Directory. You should also be familiar with basic Active Directory operations, such as connecting to a domain controller and managing objects and attributes.

In addition to scripting skills, you should be familiar with Verify Privilege Server Suite architecture, terms, and concepts, and know how to perform administrative tasks for the Audit & Monitoring Service and for the platforms you support.

Using this Guide

This guide discusses audit-related administrative tasks using PowerShell-based command-line programs. This information is intended to help you develop scripts for managing the auditing infrastructure, including collectors, audited computers, the audit management database, and the active and attached audit store databases and performing other administrative tasks on Windows computers. With scripts, you can automate the administrative or analytical tasks you might otherwise perform using Audit Manager or Audit Analyzer.

The guide provides the following information:

• Developing Scripts for Administrative Tasks provides an introduction to using Windows PowerShell to perform auditing-related administrative activity.
• Installing the Audit Module for PowerShell describes how to download and install the module as a separate package.
• Managing Audit-Related Objects with Windows Powershell Scripts describes how to use the cmdlets to connect to Active Directory and perform access control and privilege management tasks.
• Auditing-Related Objects and Properties lists the objects defined by the Audit Module for PowerShell, and the properties of each object.

Compatibility and Limitations of This Guide

The information in this guide is intended for use with Verify Privilege Server Suite 2015, or later. Although intended to be accurate and up-to-date, interfaces are subject to change without notice and can become incompatible or obsolete when a newer version of the software is released.

In general, application programming interfaces are also intended to be backward-compatible, but are not guaranteed to work with older versions of the software. Because the authentication and privilege elevation cmdlets are subject to change, enhancement, or replacement, the information in this guide can also become incomplete, obsolete, or unsupported in future versions. If you are unsure whether this guide is appropriate for the version of the software you have installed, you can consult the IBM Security website or IBM Security Support to find out if another version of this guide is available.