Differential technology

Beyond event logging.

Mitra Auditor turns scattered activity into actionable intelligence: Activity Inspector, User Behaviour Analytics (UBA), forensic analysis, alerts, reporting and agentless architecture in an on-premise platform.

Mitra Auditor Core: Activity Intelligence Engine

Event · Context · Risk · Evidence

  • UBA: Deviations per user
  • Forensics: Incident sequence
  • Reporting: Exportable evidence

Activity Inspector

Three ways to reconstruct activity.

The Inspector lets analysts approach activity from three complementary perspectives: timeline, relational graph and incident sequence. The goal is for the analyst to find context, not isolated events.

  • Timeline: detect spikes, sources and event concentration by date.
  • Relational graph: connect user, device, resource, origin and evidence in a single view.
  • Forensic sequence: reconstruct the incident path from the first event to the impact.

Correlated event: Sensitive access with full context

  • 01 Who: John Smith (ACME\jsmith)
  • 02 From where: acme-lt-023 (Corporate workstation)
  • 03 What they did: Sensitive folder access (11/05 · 08:28)
  • 04 On which resource: acme-fs-01 / finance (File Server)
  • 05 Result: Success (Validated event)
  • 06 Impact: Exfiltration preparation (Elevated risk)

Forensic sequence: From isolated event to actionable evidence

  • Login: User authenticated from corporate device.
  • Privileged change: Modification to a critical Active Directory group.
  • Sensitive access: Access to financial folder outside the usual pattern.
  • Anomalous volume: File operations 12x above the user's average.

UBA · User Behaviour Analytics

User behaviour analytics.

Mitra Auditor learns how each user works: usual hours, devices, file volumes, paths, applications, email, SharePoint and desktop activity.

When it detects significant deviations — out-of-hours activity, paths never visited, simultaneous sessions or anomalous operation volume — it generates anomalies with risk scores and correlates them with other indicators to detect patterns such as exfiltration preparation, credential abuse or lateral movement.

  • Individual baseline per user and per activity source.
  • Risk score proportional to the deviation and its historical recurrence.
  • Automatic correlation of anomalies into risk sequences.

  • Monitored users: 104 (with calculated baseline)
  • High risk: 3 (score ≥ 70)
  • Active sequences: 5 (correlated)
  • Operational users: 98 (baseline ≥ 60 days)

John Smith (ACME\jsmith · acme.local)

  • Risk score: 86
  • Out of hours: 1
  • New paths: 3
  • Operations: 12x

File volume · Access to new paths · Alert priority

Pattern detected: exfiltration preparation.

Top indicators

  • Simultaneous session: 7
  • New path accessed: 3
  • High file volume: 2
  • Unknown device: 1
  • Out-of-hours login: 1

  • Exfiltration preparation: Finance · HR · SharePoint
  • Lateral movement: acme-lt-023 → acme-fs-01
  • Compromised account: Out-of-pattern access

Integrated Forensic Analysis

From isolated event to complete sequence.

Mitra Auditor correlates events across identity, sessions, files, databases and Microsoft 365 to reconstruct actor, origin, actions, affected resources and impact.

  • 01 Anomalous login: Unknown origin
  • 02 Sensitive access: Unusual paths
  • 03 Volume 12x: Bulk operations
  • 04 Evidence: Sequence ready

Alerting Engine

Immediate detection of critical actions.

Define rules by module, user, device, action, time range, origin or activity threshold. Alerts are not noise: they arise from contextualised events and patterns that matter.

  • Critical changes to privileged groups.
  • Bulk accesses to sensitive folders.
  • Activity outside office hours or from unknown devices.

IF User out of hours
AND Paths never visited
AND Volume 10x usual
THEN Priority alert

Compliance Reporting

Reports ready for audit, committee or regulatory notification.

Predefined reports by regulation, data source and activity type. Executive dashboards, advanced filters, PDF/CSV export and evidence prepared for external audit.

  • Predefined reports: GDPR, ENS, ISO 27001, NIS2 and critical activity by source.
  • Advanced filters: User, device, resource, period, action, source and severity.
  • Export and delivery: PDF, CSV and scheduled delivery to stakeholders or auditors.
  • Drill-down to event: From executive summary to the technical detail that underpins the evidence.

Executive overview: Critical activity by source

Active Directory · File Server · Microsoft 365

Compliance: GDPR · ENS · ISO · NIS2

Evidence filtered by period, user, resource and action.

Delivery: PDF · CSV · Scheduled

Exportable reports deliverable to internal stakeholders or external auditors.

Agentless architecture

On-premise. No permanent agents. Your evidence stays inside.

Mitra Auditor deploys in your infrastructure and connects to native sources. Your audit data stays inside the organisation.

Mitra Auditor Server

Native connectors: AD · Logs · NAS · Databases · O365

Normalisation · UBA · Forensics · Reporting