STEALTHbits ProTip: Where Did My File Go?

STEALTHbits ProTip: Where Did My File Go?

“Where did my file go?” With File System Activity in place for StealthAUDIT, this question can be answered easily within the Access Information Center.

Not only can we identify what happened to the file, we can sometimes even show you where it ended up. The options menu while viewing an Activity Details Report in the AIC has a Target Path checkbox that, when enabled, can show moves and renames:

Where Did My File Go - ProTip- Target Path

*Due to monitoring limitations this can only be seen when the move is to a location on the same host.

If someone has a suspected drag-and-drop file loss within the same host, now you can simply search for the filename within the drop-down search feature:

Where Did My File Go - ProTip- Dropdown

These drop-down searches are available throughout most of the AIC’s data views, not just for activity as shown here. This way your searching is not limited merely to Resource Views – you can also search by a user’s activity as well.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.