Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE
Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Stealthbits ProTip

Browsed By
Category: Stealthbits ProTip

Stealthbits ProTip | Stealthaudit

PROTIP – How to Purge Data in StealthAUDIT

If you have been using StealthAUDIT for your data access governance (DAG) and compliance needs, then you have likely come across situations where you would like to purge data pertaining to a specific host being monitored. In addition, when you upgrade to a newer release of StealthAUDIT, there might be a need to drop all the tables related to a specific job. While the StealthAUDIT back-end database uses SQL Server with a published and open data model, it is not advisable to delete data or d…

PROTIP – Fulfill a DSAR with StealthAUDIT 11.0

A Data Subject Access Request (DSAR), a common term amongst data privacy regulations, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. Responding to a DSAR could be a daunting task for organizations, which often lack the necessary plumbing to be able to identify exactly where a given individual’s PII exists within their environm…

Best Practices – Setting up StealthAUDIT SQL Server Database

If you decided to implement StealthAUDIT to meet your data access governance and security needs, then you made the right decision.  StealthAUDIT core requires a SQL Server database to store the audited data, configuration settings, and certain historic data.  In this blog, I will review some of the best practices when it comes to setting up the SQL Server database to be used by StealthAUDIT.  This blog is not intended to replace the StealthAUDIT Installation Guide, but rather s…

ProTip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for Oracle

Now that you have been using StealthAUDIT for Oracle for a while, you might be wondering how to squeeze more value out of the product by enhancing the information it is collecting and reporting on.  StealthAUDIT for Oracle relies on the Oracle Traditional Auditing or Unified Auditing capabilities to collect and report on user activity, as well as successful or unsuccessful server or database logon activity. Neither Traditional Auditing nor …

Pro Tip – StealthINTERCEPT DB Maintenance Best Practices

It is important to monitor the size of the NVMonitorData SQL database that is used by StealthINTERCEPT (SI) to store the event data it collects. In production environments, the event dataset can grow significantly over time.  If left unchecked this DB growth will lead to excessive disk space usage and slowing performance over time inserting new event data.  In addition, users can encounter slow performance reporting data via either the SI Console or the Web Reporting modul…

PROTIP: Policy Registration & Managing StealthINTERCEPT via PowerShell and Editing StealthDEFEND Investigations & Categorizing Playbooks

There are actually four (4) ProTips in this blog (Click below to go to one you want): Multiple Policy Registration in StealthINTERCEPTManaging StealthINTERCEPT via PowerShellEditing StealthDEFEND Investigations the Lazy WayCategorize StealthDEFEND Playbooks to Reduce Clutter Multiple Policy Registration in StealthINTERCEPT The capability has long existed in StealthINTERCEPT to have a single policy with multiple event registrations.  There are particular situations when you need …

PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT

ALERT: If you are NOT a StealthINTERCEPT Enterprise Password Enforcer or StealthAUDIT customer, view this blog for greater relevance and a more appropriate read. With 34% of people saying they share passwords with coworkers1 and 62% reusing the same password for work and personal accounts2, the importance of checking passwords is paramount. Last Friday (June 19, 2020) we saw our first update to the “Have I Been Pwned” (HIPD) database in almost 12 months.  The dat…
Stealthbits ProTip

Protip: How to Setup User Activity & Database Logon Scans in StealthAUDIT for Oracle

StealthAUDIT for Oracle can monitor database user activity in all your Oracle databases. In addition, it can also enumerate and report on user permissions, database configuration, conduct a vulnerability assessment and can help you discover and report on sensitive data stored in your Oracle databases. StealthAUDIT Oracle activity monitoring can audit all types of database activity. Such as the type of SQL statement executed, changes to data, username, application, execution time, etc., Ste…

ProTip – The Power of Character Substitution Checks in StealthINTERCEPT Enterprise Password Enforcer

I have had the benefit of visiting a number of customers to understand how they use our products. Specifically, how they use the breach password dictionary in StealthINTERCEPT Enterprise Password Enforcer. Many actively manage their breach password database to prevent breached passwords from use.  In reviewing these password databases, I noticed many contained entries with multiple variations of a single word.  Essentially, they were manually adding character substitution or “leetspeak.” F…

Protip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for SQL

Now that you have been using StealthAUDIT for SQL for a while, you might be wondering how to squeeze more value out of the product by enhancing the information it is collecting and reporting on.  StealthAUDIT for SQL relies on native SQL server auditing capabilities to collect and report on user activity, as well as successful or unsuccessful server or database logon activity.  As a result, you will need to adjust some additional configuration options within SQL to ensure you ca…

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!


Loading

© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL