Browsed by
Author: jeff-forsyth

Jeff is a Senior Engineer at STEALTHbits.
ProTip: StealthINTERCEPT Health Monitoring

ProTip: StealthINTERCEPT Health Monitoring

StealthINTERCEPT provides great threat hunting capabilities, so naturally, the health of our systems is paramount.  StealthINTERCEPT Health Alerts give us the information we need to ensure we keep getting the data we care about. Agent connectivity is my main concern, although SI Agents will cache a fair amount of events, I want to get them communicating again ASAP to prevent any delay in my security awareness.  Our first step is to navigate to our alerts controls located in the top…

Read More Read More

ProTip: StealthAUDIT Data Views for SQL Sensitive Criteria Matches

ProTip: StealthAUDIT Data Views for SQL Sensitive Criteria Matches

With our focus on SQL Attacks this month, I naturally think about what data is being attacked as well.  StealthAUDIT’s SQL Solution Set can show us a lot of valuable information but collects even more than what immediately shows. StealthAUDIT Data Views are my go-to tool when I want advanced manipulation of data for an export.  Some of these are immediately available, and others must be “turned on” for viewing in the job tree. First, an analysis must be configured;…

Read More Read More

STEALTHbits ProTip: Advanced StealthINTERCEPT Alerting

STEALTHbits ProTip: Advanced StealthINTERCEPT Alerting

  With each iteration, StealthINTERCEPT shows more value to our customers.  StealthINTERCEPT 5.0’s AD Security focused data means alerting will become even more essential, and those alerts should contain what’s important to you.  Let’s take a moment to learn how your organization can configure and benefit from StealthINTERCEPT 5.0 Notifications. First, navigate to the Alerts section found under Configuration > Alerts:   Once in the System Alerts section, click on the Email tab and toggle the slider in the top…

Read More Read More

STEALTHbits ProTip: Role Based Access for Web Reporting in StealthAUDIT v8.1

STEALTHbits ProTip: Role Based Access for Web Reporting in StealthAUDIT v8.1

This time of year is typically a time of giving, and I am here to give the gift of report security!  StealthAUDIT v8.1 has new data to discover, and new report management to keep that data secure. Version 8.1 of StealthAUDIT now equips users with Role Based Access (RBA) to control who has access to reports from the Web Console.  This is a great way to isolate reports to only the users who should be able to see the sensitive…

Read More Read More

STEALTHbits ProTip: StealthAUDIT’s Sensitive Data Discovery for Compliance

STEALTHbits ProTip: StealthAUDIT’s Sensitive Data Discovery for Compliance

With compliance standards driving more and more organizations to directly tag their data, StealthAUDIT’s Sensitive Data Discovery allows you to easily locate and understand the data that was important enough to tag in the first place. The configuration for sensitive data discovery is located within the Criteria Editor.  To get there navigate the Job Tree to the 1-SEEK System Scans job located in Jobs > FileSystem > 0.Collection.  Open the Query Properties as shown below: From here, select SDD Audit Criteria…

Read More Read More

STEALTHbits ProTip: 23 NYCRR 500

STEALTHbits ProTip: 23 NYCRR 500

While we here at STEALTHbits can’t help our customers with the personal part of 23 NYCRR 500, we can make it easy to identify the reports that help with Section 500’s access and activity pieces. Starting with version StealthAUDIT v8.0 we’ve introduced report tagging, allowing you to easily organize the reports that are important to you. These can be named as desired, typically by their associated compliance standard. For this month’s ProTip I’ll be using the tag, ’23NYCRR500′. First, we need to…

Read More Read More

STEALTHbits ProTip: Where did my file go?: STEALTHbits File Activity Monitor

STEALTHbits ProTip: Where did my file go?: STEALTHbits File Activity Monitor

In the first “Where did my file go?” post, we discussed locating files using StealthAUDIT’s Access Information Center. Now, with the STEALTHbits File Activity Monitor in place, this same question can be answered in real-time directly within the console. Not only can we identify what happened to a file, we can even show you where it ended up.  First, start a New Activity Search within the STEALTHbits File Activity Monitor by either pressing Ctrl+F or select the magnifying glass located in…

Read More Read More

Configure Criteria to Meet Compliance Standards

Configure Criteria to Meet Compliance Standards

With the EU General Data Protection Regulation (GDPR) looming, it is important to understand how to configure groups of criteria to the compliance standards your organization is concerned about most. StealthAUDIT’s Sensitive Data Discovery allows you to identify file content that matches your set criteria. This can be done for keywords or regular expressions, as well as groups of any of those criteria sets. The configuration for this is found within the Criteria Editor. To get there navigate the Job…

Read More Read More

STEALTHbits ProTip: Model Access Changes with Confidence

STEALTHbits ProTip: Model Access Changes with Confidence

Modeling access changes before enabling them allows you to clean up access with confidence. The Access Information Center makes this simpler than ever with easy-to-understand visuals and the ability to commit these changes on the spot. First, we’ll look at the Effective Access report on my PreSales Engineering Share. As you can see, Chris still has access although his account is disabled. In this situation, I want to clean up access to this one resource without impacting any other intended…

Read More Read More

STEALTHbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

STEALTHbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

This month I’d like to touch on a fairly unknown usability feature within StealthAUDIT. The Reports Only mode allows the console to be run without risk of triggering any collections or affecting any already existing data sets. There is an underused (but very useful) command line switch that allows you to run StealthAUDIT so that it can only generate reports. When run in Reports Only mode the Query, Analysis, and Action functions will be disabled. From the command line, first…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.

Privacy Preference Center

Necessary

Advertising

Analytics

Other