Browsed by
Author: Jeff Forsyth

Jeff is a Senior Engineer at STEALTHbits.
STEALTHbits ProTip: 23 NYCRR 500

While we here at STEALTHbits can’t help our customers with the personal part of 23 NYCRR 500, we can make it easy to identify the reports that help with Section 500’s access and activity pieces. Starting with StealthAUDIT v8.0, we’ve introduced report tagging, allowing you to easily organize the reports that are important to you. Tags can be named as desired, typically by their associated compliance standard. For this month’s ProTip I’ll be using the tag ‘23NYCRR500’. First, we…

STEALTHbits ProTip: Where did my file go?: STEALTHbits File Activity Monitor

In the first “Where did my file go?” post, we discussed locating files using StealthAUDIT’s Access Information Center. Now, with the STEALTHbits File Activity Monitor in place, this same question can be answered in real-time directly within the console. Not only can we identify what happened to a file, we can even show you where it ended up.  First, start a New Activity Search within the STEALTHbits File Activity Monitor by either pressing Ctrl+F or selecting the magnifying glass located in…

Configure Criteria to Meet Compliance Standards

With the EU General Data Protection Regulation (GDPR) looming, it is important to understand how to configure groups of criteria to the compliance standards your organization is concerned about most. StealthAUDIT’s Sensitive Data Discovery allows you to identify file content that matches your set criteria. This can be done for keywords or regular expressions, as well as groups of any of those criteria sets. The configuration for this is found within the Criteria Editor. To get there navigate the Job…

STEALTHbits ProTip: Model Access Changes with Confidence

Modeling access changes before enabling them allows you to clean up access with confidence. The Access Information Center makes this simpler than ever with easy-to-understand visuals and the ability to commit these changes on the spot. First, we’ll look at the Effective Access report on my PreSales Engineering Share. As you can see, Chris still has access although his account is disabled. In this situation, I want to clean up access to this one resource without impacting any other intended…

STEALTHbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

This month I’d like to touch on a fairly unknown usability feature within StealthAUDIT. The Reports Only mode allows the console to be run without risk of triggering any collections or affecting any already existing data sets. There is an underused (but very useful) command line switch that allows you to run StealthAUDIT so that it can only generate reports. When run in Reports Only mode the Query, Analysis, and Action functions will be disabled. From the command line, first…

STEALTHbits ProTip: Defending Against Ransomware in 2017

With the close of 2016 approaching, I looked back and realized that Ransomware could have been the subject of my ProTip every month this year! Not only has it been regularly grabbing headlines throughout the last twelve months, but I’m sure 2017’s threat-surface will be subject to even more attacks. And while I’ve already provided tips on ransomware twice, this time I’d like to talk about the methodology behind a competent defense as we close out 2016. Credential Abuse: this…

Take Action Against Ransomware

After identifying nefarious activity on your file servers, whether it’s massive data theft or activity associated with ransomware, taking action is the next step. StealthINTERCEPT v4.0 now gives us the tools to automatically lock down those critical file areas once the rule for the File System Attacks Analytic is met. Let’s get started. First, we need to select the File System Attack Analytic, then select the Configure icon. Once the Configure Analytics window is open you will see the “Enable Automatic Lockdown” checkbox…

Increase Insight into Your Active Directory Environment

StealthAUDIT for Active Directory provides reporting features that give you great insight into your directory environment, but is there more usable information in a report than what is displayed by default? Yes. Most StealthAUDIT Jobs collect and record additional information that is not necessarily included in the default presentation of reports. However, recent improvements to the report interfaces make both filtering on, and utilization of, this data more accessible. Let’s use our Stale Users report as an example. This report…

STEALTHbits ProTip: Identifying Non-Owner Exchange Activity

Need visibility into the mailbox activity by anyone other than the owner of a specific mailbox? In this ProTip, you will learn how to view Exchange Activity within StealthINTERCEPT and how to scope the policy to view only Non-Owner activity. Once you are licensed for Exchange Activity, you will need to ensure that you have agents deployed to all Exchange Role Hosts (HUB, CAS, & MBX). This is done by selecting the hosts to which you need to deploy the…

STEALTHbits ProTip: Where Did My File Go?

“Where did my file go?” With File System Activity in place for StealthAUDIT, this question can be answered easily within the Access Information Center. Not only can we identify what happened to the file, we can sometimes even show you where it ended up. The options menu while viewing an Activity Details Report in the AIC has a Target Path checkbox that, when enabled, can show moves and renames: *Due to monitoring limitations this can only be seen when the…
