StealthAUDIT’s File Activity Monitor enables our customers with great visibility into file activity within Windows and most NAS solutions. Although the Access Information Center makes understanding this information easy, SIEM can, at times, be the preferred way to view any and all activity.Enabling Syslog output requires first opening the STEALTHbits File Monitor and navigating to the Monitored Hosts tab. From there select ‘Edit’ for the host you wish to have send activity data to your SIEM. Go to the ‘Syslog’ tab in the agent properties window, and enter the required information as well as any desired syslog message template for formatting.With that configured, stop then start the agent, and you’ll start sending file system activity to your SIEM as well.For our customers with QRadar, this will all be incorporated for our XForce app coming soon. This will provide users great views into activity right within your QRadar solution, making trending and even ransomware activity, easy to identify.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here: