ProTip: Make Use of the New Features in STEALTHbits Activity Monitor 3.0

ProTip: Make Use of the New Features in STEALTHbits Activity Monitor 3.0

The release of the highly anticipated STEALTHbits Activity Monitor 3.0 brings some new and innovate features and functionality, which users will appreciate. The addition of SharePoint activity support will instantly add value to existing SharePoint solutions through the receiving of activity information in StealthAUDIT reports along with the ability to send real-time SharePoint events over to a SIEM device. Also included in the STEALTHbits Activity Monitor 3.0 release is support for Nasuni monitoring, which joins an extensive list of supported storage platforms. I have highlighted other features that add valuable functionality in the product. If you currently are an end user of our STEALTHbits File Activity Monitor 2.5, this upgrade path is very straightforward and deploying the agents to this upgrade is a quick and painless process.

Selective Operations Filtering

This feature allows for the filtering out of specific file or directory operations that need to be monitored. The added support for this level of filtering will assist with event consolidation with users who utilize the Activity Monitor with a SIEM vendor. Another addition in this new “Operations” tab is the option to suppress subsequent read operations in the same folder and the ability to suppress permission change operations with reordered ACL. This added feature will help consolidate event traffic being sent over to your SIEM device.

STEALTHbits Activity Monitor 3.0, STEALTHbits Activiey Monitor 3.0 Selective Operations Filtering, Operations Filtering, File Activity Monitoring, Activity Monitoring

Filtering of Office Temp Files

Understanding the way that Office works, we realize that there could be a lot of added noise when monitoring events. The ability to filter out the temp files really helps assist in consolidating traffic and eliminating extra noise that you could be analyzing on the Syslog server or in a machine learning product like StealthDEFEND.

SharePoint, Sharepoint Activity Monitoring, Sharepoint Activity, STEALTHbits activity monitor 3.0

SharePoint Activity Monitoring

Activity monitoring for SharePoint will identify when:

  • A document was checked out.
  • A document was checked in.
  • An object was deleted.
  • An object was updated.
  • A child object was deleted.
  • An object was undeleted.
  • A search operation was performed.
  • A child object was moved.
  • A security group was created.
  • A security group was deleted.
  • A security principal was added to a security group.
  • A security principal was removed from a security group.

TCP Support for Syslog

STEALTHbits Activity Monitor 3.0 can be configured to use a TCP connection when sending Syslog messages to the Syslog Server. This feature is really helpful with ensuring mission-critical data is arriving safely and being delivered in a reliable manner.

TCP Support for Syslog, STEALTHbits Activity Monitor 3.0, Syslog Messaging, Syslog messages, Syslog

Learn more about STEALTHbits Activity Monitor 3.0 by visiting our website: https://www.stealthbits.com/stealthbits-activity-monitor-product 

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Dan is a Presales Engineer at STEALTHbits Technologies. Prior to moving over to Presales, Dan worked as a Technical Product Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.