STEALTHbits ProTip: Visibility with File Activity Monitoring

StealthAUDIT’s File Activity Monitor gives our customers great visibility into file activity within Windows and most NAS solutions. Although the Access Information Center makes understanding this information easy, a SIEM can, at times, be the preferred way to view any and all activity.

Enabling Syslog output requires first opening the STEALTHbits File Monitor and navigating to the Monitored Hosts tab. From there, select ‘Edit’ for the host you wish to have send activity data to your SIEM. Go to the ‘Syslog’ tab in the agent properties window, and enter the required information as well as any desired syslog message template for formatting.
Monitored Host Tab
With that configured, stop and then start the agent, and you’ll start sending file system activity to your SIEM as well.

For our customers with QRadar, this will all be incorporated into our XForce app, coming soon. This will provide users with great views into activity right within your QRadar solution, making trends and even ransomware activity easy to identify.
File Activity Dashboard
