The release of the highly anticipated STEALTHbits Activity Monitor 3.0 brings some new and innovative features and functionality that users will appreciate. The addition of SharePoint activity support instantly adds value to existing SharePoint solutions: activity information is received in StealthAUDIT reports, and real-time SharePoint events can be sent to a SIEM device. Also included in the STEALTHbits Activity Monitor 3.0 release is support for Nasuni monitoring, which joins an extensive list of supported storage platforms. I have highlighted other features that add valuable functionality to the product. If you are currently an end user of our STEALTHbits File Activity Monitor 2.5, the upgrade path is very straightforward, and deploying the agents for this upgrade is a quick and painless process.
Selective Operations Filtering
This feature allows specific file or directory operations to be filtered, so you choose which ones are monitored. This level of filtering helps with event consolidation for users who use the Activity Monitor with a SIEM vendor. Another addition in the new “Operations” tab is the option to suppress subsequent read operations in the same folder, along with the ability to suppress permission change operations with reordered ACL. These options help consolidate the event traffic being sent to your SIEM device.
Filtering of Office Temp Files
Given the way that Office works, we realize that there can be a lot of added noise when monitoring events. The ability to filter out the temp files helps consolidate traffic and eliminate extra noise that you would otherwise be analyzing on the Syslog server or in a machine learning product like StealthDEFEND.
SharePoint Activity Monitoring
Activity monitoring for SharePoint will identify when:
- A document was checked out.
- A document was checked in.
- An object was deleted.
- An object was updated.
- A child object was deleted.
- An object was undeleted.
- A search operation was performed.
- A child object was moved.
- A security group was created.
- A security group was deleted.
- A security principal was added to a security group.
- A security principal was removed from a security group.
TCP Support for Syslog
STEALTHbits Activity Monitor 3.0 can be configured to use a TCP connection when sending Syslog messages to the Syslog server. This feature helps ensure that mission-critical data arrives safely and is delivered reliably.
Learn more about STEALTHbits Activity Monitor 3.0 by visiting our website: https://www.stealthbits.com/stealthbits-activity-monitor-product
Dan is a Presales Engineer at STEALTHbits Technologies. Prior to moving over to Presales, Dan worked as a Technical Product Manager.