I don't think CA does collect native Windows event log.
Quest provides two products: CA and InTrust.
1. CA generates own log for each platform or type (AD, Exchange, Windows OS, SQL, Logons)
2. InTrust collects "untempered" native logs generated by the platform (Windows Event Log, etc.) and stores them in \\Repository in zipped encrypted format for long time (even if DC Security Log is 95% of junk events)
CA and InTrust both complement each other.
In general customer might start audit solution with CA as "quick win" and later explore the audit needs and discover that InTrust is needed.
I don't think CA does collect native Windows event log.
Quest provides two products: CA and InTrust.
1. CA generates own log for each platform or type (AD, Exchange, Windows OS, SQL, Logons)
2. InTrust collects "untempered" native logs generated by the platform (Windows Event Log, etc.) and stores them in \\Repository in zipped encrypted format for long time (even if DC Security Log is 95% of junk events)
CA and InTrust both complement each other.
In general customer might start audit solution with CA as "quick win" and later explore the audit needs and discover that InTrust is needed.