See who accesses what, when and why. Mitra Auditor gives you the answers you need to identify risks, detect threats and automate compliance. With integrated forensic analysis.
No agents. No complexity. Just control.
Active Directory
Office 365
Azure Entra ID
SQL Server
PostgreSQL
NAS
Windows Logon
Windows ServerMost incidents do not start from outside. They start from within: a valid credential, an excessive permission, an anomalous session or access to a critical file. By the time they are detected, many organisations can no longer reconstruct what happened, who did it and when it started.
A misassigned privilege, an unrevoked access or a compromised credential can open the door to your entire infrastructure. Without audit, the damage is discovered before the cause.
Changes to groups, policies and permissions with no audit trail. An attacker with valid credentials can escalate privileges without triggering obvious alarms.
Who accessed that contract before the competitor made the same offer? Without file auditing, the answer is usually: nobody knows.
When something happens, the team opens different consoles, exports events and manually cross-references logs. Hours later, they may still not have a reliable sequence of events: actor, origin, actions, affected resources and impact.
GDPR, ENS, ISO 27001 and NIS2 require evidence: who accessed what data, when and with what outcome. Without structured records, an external audit becomes a crisis.
No more scattered logs. No more noise. Clear answers for security, compliance and incident investigation.
Changes to users, groups, GPOs and permissions recorded with actor, action, origin and precise timestamp.
Accesses, creations, modifications, deletions and permission changes on files. Who, what, from where and when.
Logins, authentication failures, remote accesses and use of explicit credentials detected and traced in real time.
Audit of inbox rules, mailbox permissions, forwarding and suspicious activity in corporate email.
Queries, bulk updates, schema changes and privileged accesses recorded with user, origin, affected object and executed statement.
Services, scheduled tasks, local users, installed software and configuration changes under continuous traceability.
Automatic event correlation across identity, sessions, files, databases and Microsoft 365 to reconstruct actor, sequence, affected resources and impact.
Visibility into Copilot interactions within Microsoft 365 to identify documents, data and conversations exposed to generative AI.
The CISO needs to know whether the organisation is exposed, not review logs. Mitra Auditor consolidates privileged accesses, critical changes, anomalous activity and forensic evidence in an executive risk view.
The IT Director needs visibility over the infrastructure without adding operational overhead. Mitra Auditor installs centrally, with no agents on production servers, and collects events from native sources.
The compliance officer needs to demonstrate, not explain. Mitra Auditor structures the evidence required by GDPR, ENS, ISO 27001 and NIS2: who accessed what data, when, from where, with what outcome and what changes were made.
The security team needs to investigate fast. The Activity Inspector and forensic module reconstruct the chain of an incident by crossing identity, sessions, files, databases and Microsoft 365.
Twelve specialised audit modules. A single control panel. Complete visibility.
Audit of users, groups, GPOs, computers and permissions. Every directory change recorded with who, what, when and from where.
Identity & AccessFull record of logins and logouts, failed authentications, use of explicit credentials and Kerberos tickets across all domain computers.
AuthenticationCreation, modification, deletion, renaming and permission changes on files and folders. Who accessed, what they did and from which computer.
Data & FilesInstalled or modified services, local users, local groups, scheduled tasks, start and shutdown events. Full system state control.
InfrastructureRead, write and schema modification operations on SQL Server databases. Audit of privileged accesses and configuration changes.
DatabasesNative audit via pgAudit. DDL, DML and access statement logging with actor, object and outcome resolution for PostgreSQL environments.
DatabasesSyslog event reception and analysis from Synology and QNAP NAS devices. File accesses, creations, deletions and moves on network storage.
NAS StorageDynamic learning and visibility into the user's real behaviour at the workstation. Detection of anomalous patterns, out-of-hours activity and deviations from normal behaviour.
BehaviourMailbox accesses, sends, deletions, permission changes and inbox rules. Full audit of corporate email in the cloud.
EmailAccesses, downloads, sharing and permission changes on SharePoint documents. Visibility into who accesses what corporate information in the cloud.
DocumentsChannel and team creation and deletion, sensitive messages, file sharing and configuration changes. Corporate collaboration audit.
CollaborationLog of Copilot AI interactions in the Microsoft 365 environment. Visibility into what corporate information is queried, processed or exposed to AI.
AI & ProductivityAudit of flows created, modified or deleted in Power Automate. Control over process automation that may access or move sensitive data.
AutomationAuthentication events, role changes, licence assignments and administration activity in Azure Active Directory. Cloud identity under control.
Cloud IdentityMost solutions on the market simply collect logs. Mitra Auditor turns them into actionable intelligence.
Mitra Auditor learns how each user works: usual hours, devices, file volumes, paths, applications, email, SharePoint and desktop activity.
When someone deviates from their pattern — out-of-hours activity, access to folders never visited before, simultaneous sessions or anomalous operation volume — it generates an anomaly with a risk score and links it to other indicators to detect patterns such as exfiltration preparation, credential abuse or lateral movement.
Interactive visualisation of all audited activity. Connect actors, machines and actions in a single graph view. Identify patterns, lateral movement and anomalous behaviour at a glance.
Deterministic correlation engine that reconstructs the exact sequence of an incident: actor, origin, actions taken, affected resources and impact.
Configurable rules by module, action type, user, device or time range. Immediate notifications when something that should not happen does.
Predefined reports for GDPR, ENS, ISO 27001 and NIS2, with filters by period, user, source and action type. Export to PDF and CSV.
Each Mitra solution works independently. Together, they form the most complete security platform on the market for Windows and Microsoft 365 environments.
The suite's central panel. It consolidates activity across the entire infrastructure and, when combined with the other Mitra products, incorporates their security logs into the same audit panel.
When Mitra Antiransomware detects an attack, Mitra Auditor automatically incorporates those events: affected files, patient zero, encryption timeline and response taken.
Learn about Mitra Antiransomware →
Mitra Password events — password resets, MFA enrolments, lockouts and credential changes — appear directly in the audit panel for correlation with the rest of the activity.
Learn about Mitra Password →Integration between products is optional. Each Mitra solution can be purchased and deployed completely independently.
Mitra Auditor does not install permanent agents on monitored servers. It remotely accesses native logs, APIs, databases and Microsoft 365 services from a centralised installation.
Active DirectoryWindows LogonFile ServerWindows ServerSQL ServerPostgreSQLNAS SyslogExchange OnlineSharePointTeamsCopilotPower PlatformYes. Mitra Auditor covers on-premise infrastructure — Active Directory, File Server, SQL Server, PostgreSQL, NAS and Windows Server/Workstation — and Microsoft 365 services such as Exchange Online, SharePoint, Teams, Copilot, Power Platform and Azure Entra ID, all from a single centralised control panel.
The UBA engine learns each user's normal behaviour: hours, devices, file volumes, paths, applications, email, SharePoint and desktop activity. When it detects a significant deviation — out-of-hours activity, access to new paths, simultaneous sessions, privileged changes or anomalous operation volume — it generates an anomaly with a risk score and links it to other indicators to detect patterns such as exfiltration preparation, credential abuse or lateral movement.
Mitra Auditor provides traces and evidence to address the audit requirements of GDPR, the National Security Framework (ENS), ISO/IEC 27001, NIS2 and SOX. Compliance reports are available with filters by period, source, user and action type.
The Mitra Auditor server installation takes under an hour. On-premise module configuration is handled by an integrated wizard that automatically applies the necessary audit policies. Microsoft 365 modules require registering an application in Azure AD.
Most audit platforms display isolated events. Mitra Auditor automatically correlates events related to an incident, even when they come from different modules, and builds a chronological narrative: main actor, chain of actions, affected resources and potential impact.
Yes. Mitra Auditor is designed for complex enterprise environments: multiple Active Directory domains, several Microsoft 365 tenants, servers in different geographic locations and separate networks. Monitoring plans allow the audit to be organised by site, domain, source or criticality.
Mitra Auditor collects and stores events continuously. If an out-of-hours alert is configured, the system immediately notifies the relevant team and retains the event for subsequent analysis, forensic correlation and reporting.
Mitra Auditor is licensed via annual subscription, with a predictable model based on active modules and monitored infrastructure volume. It can be purchased independently or as part of the Mitra Data Security Suite.
Yes. The alerting engine allows rules to be created based on module, action type, user, device, time range and activity thresholds. Notifications can be delivered by email and Microsoft Teams.
Mitra Auditor is an on-premise IT audit platform that combines event auditing, Activity Inspector, forensic analysis, alerts, compliance reporting and user behaviour analytics in a single console. The goal is not to store logs: it is to turn scattered infrastructure activity into actionable evidence.