Frequently Asked Questions
What are the prerequisites for each Data Collector?
- All data collectors require authentication. At a minimum, you must have local administrator access to the Windows host you intend to query. A few data collectors have specific prerequisites:
- File Data Collector - The File DC requires the default shares to be enabled: Admin$ and drive$ (c$, d$, etc.).
- Exchange Mailbox and Exchange Public Folder Data Collectors - These data collectors require a MAPI session to be established and require a minimum of Exchange ViewOnly Admin privileges. A separate document exists to assist with configuration of the Exchange Data Collectors.
- Registry Data Collector - The Registry DC requires the remote registry service to be running on each target host being queried.
- LDAP Data Collector - The LDAP DC requires read permission to Active Directory.
- WMI Data Collector - The WMI DC requires the WMI service to be installed and running on the target hosts being queried. Keep in mind that the WMI service is standard equipment on Windows 2000 and above. Windows NT4 Hosts must have the WMI service add-in installed and running.
Is it possible to share my StealthAUDIT Jobs with coworkers?
- Follow the procedure below to share StealthAUDIT Jobs between StealthAUDIT Consoles:
- Close StealthAUDIT
- Open Windows Explorer and go to the \Program Files\STEALTHbits\StealthAUDITV4\Jobs folder.
- Select the job or jobs you wish to share, right click, and select "send to mail recipient".
- Fill in the appropriate email addresses and send.
- Your coworker will then need to save the job or collection of jobs to his/her \Program Files\STEALTHbits\StealthAUDITV4\Jobs folder.
- Restart StealthAUDIT or right-click the Jobs folder in the StealthAUDIT tree and select "Refresh".
How do I save the queries I create?
- StealthAUDIT is equipped with a task library. This task library contains over 1,000 predefined query tasks, and can be used by StealthAUDIT users to save query tasks they create. Jobs that are deleted within StealthAUDIT cannot be recovered. This means all query tasks you created, as well as all data and report objects, cannot be recovered.
- STEALTHbits Technologies recommends that all query tasks created be saved for future use. To do so, you can create user-defined libraries to save your query tasks so that they can be reused in future jobs.
- Follow these steps to create a user-defined library:
- From the Hosts or Tasks container, right click and select "Add from Library".
- Select the first button on the button bar (Create new library).
- Give the library a descriptive name (Use underscores for spaces).
- A new library appears.
- Follow these steps to copy a query task into your library:
- From the Hosts or Tasks container select the query task to be copied into the library.
- Right click and select Add from Library.
- Select the library you defined from the drop down list.
- Right click and paste, or use the paste button in the button bar. Your task is pasted.
- TIP: Always provide a valid name and description on the General tab of your query task so you can find the task in the library.
- Follow these steps to copy a query from the library into the Hosts or Tasks container.
- From the Hosts or Tasks container, right click and select Add from Library.
- Select the appropriate library from the drop down list.
- Select the task you wish to copy into the Host or Task container and click OK.
- The Task Properties dialog appears, permitting you to make any required configuration changes to the task.
- Click OK to accept the task.
- Repeat steps to add additional tasks.
How can I query hosts from a specific network segment?
- StealthAUDIT contains multiple methods for specifying Query Hosts. To specify the hosts for a specific network segment, use the IPSweep function in Host Management. A discovery task is configured as follows:
- Expand the Host Management node in the StealthAUDIT Tree.
- Click on "Discovery".
- In the right-hand pane, select "Create Query".
- Select the option titled, "Scan your IP network" and then click Next.
- Give your query a name and select which set of credentials will be used to perform your audit.
- Select your "Specification Type" from the dropdown list and fill in the resulting requested information such as the Starting/Ending IP Address, Subnet Mask, Hostname, or IP Range.
- The Open Ports field should only be used to specify Ports being listened to by specific hosts. This option will only return hosts listening on the ports you specify.
- Click Next to accept the configuration.
- Specify how often the query should be run and whether or not you'd like to keep a running history of all hosts ever discovered or just the hosts found during the most recent run. Click Next.
- Specify how often you'd like the inventory fields to be refreshed for the hosts discovered by this query, as well as which credentials should be utilized to execute the query.
- Select Next to see a summary of the query you've created, and then select Finish to finalize the query design phase.
- Now that the query has been designed, you will be prompted to run the query NOW or LATER. You can run the query at any time by selecting the Discovery node within Host Management, selecting the query from within the queries table, and selecting RUN QUERY from the right-hand pane.
Why do I keep seeing "Access Denied" in the messages folder?
- StealthAUDIT has a number of prerequisites for connecting to a Host machine to successfully query it. These prerequisites include the following:
- The StealthAUDIT host machine must be logged on with an account that has Local or Domain Administrator equivalency on the target host machine(s) being queried. Alternatively, there must be a connection profile configured with these credentials and bound to the job.
- Make sure the user account you have logged-in with, or that has been assigned to your connection profile, has appropriate permissions.
- You may also want to verify that the host machines you are receiving the "Access Denied" messages from are in fact Windows hosts and that they belong to, or are members of, your domain.
- If the Host machine you are trying to query is a "guest" host, such as a visiting mobile user from another company, "Access Denied" would be a normal message to receive.
Why am I getting "Cannot Connect" messages in the Messages log?
- StealthAUDIT has a number of prerequisites for connecting to a Host machine to successfully query it. These prerequisites include the following:
- The StealthAUDIT host machine must be logged on with an account that has Local or Domain Administrator equivalency on the target host machine(s) being queried. Alternatively, there must be a connection profile configured with these credentials and bound to the job.
- Specific services must be running depending on the Data Collector being used. For example, the Registry Data Collector requires the remote registry service to be started.
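- The collector prerequisites listed at the top of this FAQ (default shares for the File DC, the remote registry service for the Registry DC, the WMI service for the WMI DC) and the causes given for "Access Denied" and "Cannot Connect" can be checked per host before a job is run. The script below is an added example, not part of the original FAQ or of StealthAUDIT; it assumes Windows PowerShell 5.1, and the function name Test-CollectorPrereq and the host names are hypothetical.

```powershell
# Added example, not vendor code. Assumes Windows PowerShell 5.1, run as the
# account (or with the connection-profile credentials) the job will use.
function Test-CollectorPrereq {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string[]]$DriveShare = @('C$')   # drive shares the File DC will read
    )
    foreach ($target in $ComputerName) {
        $row = [ordered]@{
            Host = $target; AdminShare = $false; DriveShares = $false
            RemoteRegistry = 'Unknown'; WmiService = 'Unknown'; WmiQuery = 'NotTested'
        }
        # File DC: Admin$ and each drive share must be reachable.
        $row.AdminShare = Test-Path -LiteralPath "\\$target\ADMIN$"
        $missing = @($DriveShare | Where-Object { -not (Test-Path -LiteralPath "\\$target\$_") })
        $row.DriveShares = ($missing.Count -eq 0)

        # Registry DC and WMI DC: read service state from the service control manager.
        try {
            $svc = Get-Service -ComputerName $target -Name RemoteRegistry, Winmgmt -ErrorAction Stop
            $row.RemoteRegistry = [string]($svc | Where-Object Name -eq 'RemoteRegistry').Status
            $row.WmiService     = [string]($svc | Where-Object Name -eq 'Winmgmt').Status
        } catch {
            $row.RemoteRegistry = $row.WmiService = "Error: $($_.Exception.Message)"
        }

        # WMI DC: confirm that an authenticated WMI query succeeds end to end.
        try {
            $null = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $target -ErrorAction Stop
            $row.WmiQuery = 'OK'
        } catch {
            if ($_.Exception -is [System.UnauthorizedAccessException]) {
                $row.WmiQuery = 'Access denied'   # credentials lack rights on the target
            } else {
                $row.WmiQuery = "Cannot connect: $($_.Exception.Message)"   # service, firewall or name resolution
            }
        }
        [pscustomobject]$row
    }
}

# Constructed host names; replace with the hosts your job targets.
Test-CollectorPrereq -ComputerName 'FILESRV01', 'DC01' | Format-Table -AutoSize
```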
How do I get the latest Patch Validation Jobs?
- STEALTHbits Technologies automatically distributes the latest Patch Validation Jobs for Microsoft Security Bulletins on a monthly basis. These jobs are distributed to all licensed customers via email. The jobs are normally constructed, tested, and distributed within 72 hours of Microsoft's release.
- If you are not currently receiving this distribution, you can request to be added to the distribution list by sending an email containing your contact information including Name, Company, Address, Phone Number, and Email Address.
- You will receive a message confirming your name has been added to the list once you or your organization have been confirmed as a registered licensed user of StealthAUDIT.
- If you or your organization is evaluating StealthAUDIT and would like the latest Patch Validation Job Set, contact your Sales Representative, or send an email for assistance.
Why am I getting MAPI errors when I try to query Exchange?
- Most often, MAPI errors are caused by either insufficient permissions or an incorrect or incomplete StealthAUDIT Exchange configuration.
- First, ensure that ESM is installed on the StealthAUDIT console and that the credentials you are using for gathering information from Exchange are sufficient. For further details, contact our Support Team.
How do I create a StealthAUDIT Job from scratch?
- Follow the instructions below to create a new Job in StealthAUDIT:
- Expand the SOLUTIONS node in the Job Tree (left-hand pane) and click on the folder "Jobs".
- In the center pane, select "create your own job", or right-click the Jobs folder and select "Create Job".
- Give your Job a name corresponding to the type of information you want to collect. TIP: Use underscores (_) in place of spaces to ensure optimal database conditions.
- Expand the "Configure" container within your job and select "Queries".
- In the center pane, select "Rename Table". Give the table a name corresponding to the type of information you want to collect. TIP: Use underscores (_) in place of spaces to ensure optimal database conditions.
- Next, select "Create Query". A Query Properties dialogue box will appear.
- In the General tab, fill in the information regarding the job name and description.
- In the Data Source tab, select a Data Collector from the Source dropdown box corresponding to the type of information you want to collect. For example, the EventLog Data Collector would be used to collect information from your various system, application, and security logs.
- Click the three-dot radio button (...) to invoke the Data Collector Wizard.
- Navigate through the Data Collector to choose which properties you'd like to collect and select Finish or OK when you've completed your query configuration.
- Click OK again within the Query Properties dialogue box.
- In the left-hand pane, select Hosts. Choose an applicable, already configured group of hosts to run your Job against (for example, All Exchange Servers, All Windows Hosts, Default Domain Controller). Alternatively, manually type in the host names of the systems you'd like to run the job against, selecting Add after each one.
- Finally, choose the Play button from the tool bar or right-click the Job and select Run Job to execute your query.
What environmental variables are supported in the File DC?
- StealthAUDIT's File Data Collector supports the use of wildcards, as well as variables in place of the drive letter.
- If you think a directory could be located on different fixed disks of a query host, you can create a file path in the File DC such as *:\McAfee. This will search all fixed disks of each host for the McAfee folder.
- If you need to search the \program files\ folder, but are unsure which fixed disk it's located on, you can use the variable path %program files% or %programfiles% and StealthAUDIT will resolve to the OS registered path.
- Other path values supported by StealthAUDIT include:
- %systemroot% or %system root% which maps to the \winnt or \windows folder.
- %systemdrive% or %system drive%, which maps to the boot drive; normally c:\.
- %windir%, which maps to the ADMIN$ administrative share, ultimately pointing to the \winnt or \windows folder.
- The File Data Collector also supports wildcards in the file name, such as *.* or *.DLL.
Where do I get the latest version of StealthAUDIT?
- STEALTHbits Technologies automatically distributes download links for each new maintenance release and all major releases to all licensed customers via email.
- If you have not received such an email, you can be added to the distribution list by sending an email containing your contact information including Name, Company, Address, Phone Number, and Email Address.
- You will receive a message confirming your name has been added to the list once you or your organization have been confirmed as a registered licensed user of StealthAUDIT.
- If you or your organization is evaluating StealthAUDIT and would like the latest release of StealthAUDIT, contact your Sales Representative, or send an email for assistance.