After identifying nefarious activity on your file servers, whether it’s massive data theft or activity associated with ransomware, taking action is the next step. StealthINTERCEPT v4.0 now gives us the tools to automatically Lockdown those critical file areas once the rule for the File System Attacks Analytic is met. Let’s get started.
First, we need to select the File System Attack Analytic, then select the Configure icon:
Once the Configure Analytics window is open you will see “Enable Automatic Lockdown” checkbox. Once checked, this option will place Perpetrators responsible for triggering this analytic into a Lockdown state for all paths selected within the policy:
Exercise caution when enabling this lockdown feature as it will prevent file/folder access for users triggering the analytic. After a review, there may be desire to re-grant access back to the locked-out Perpetrator. This can be done by selecting the “Modify Lockdown Perpetrators” hyperlink within the Configure Analytics window.
Users under Lockdown can be viewed and managed through this window. You now know the settings necessary to automate protection from unwanted levels of activity.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Jeff is a Senior Engineer at STEALTHbits.