File and FolderAccess Alerts

FileAudit e-mail alerts can be automatically and immediately triggered when specific access events are detected.

The events that trigger the alert can be defined, as can the recipient(s) and message content. With FileAudit an organization can instantly identify and remediate any access attempts that are not in line with their security and compliance policies.

Real Time Alerts on inappropriate Access Events

Single Access Events

Real time alerts to predetermined events such as a file deletion, a denied access or monitoring a suspicious user or IP address, automatically triggers an email to selected recipients, enabling a quick reaction when necessary.

Mass Access Events

By monitoring the frequency of an access type to files and folders, the copying and deletion or movement of bulk files can also be detected and alerted on.

Alerts can be customized based on specific criteria, including:

File and Folder
User
Access type
Access time
Access frequency
IP Address
Process name
Recipient

Different access types

Read

A user tried to open a file in ‘Read’ mode

Write

A user tried to modify a file or folder

Delete

A user tried to delete a file or folder

Execute

A user tried to execute and executable file

Write attributes

A user try to modify a file attribute

Ownership

A user tried to take ownership of a file or folder

System

An attempt to read or write the system access control list of the file. Generally this event means simply that a user displayed the properties of a file using Windows Explorer.

Permissions

A user tried to change the permissions on the file or folder

Other

Any other type of access event not defined as basic Windows events

Mass Access and Alteration Event Alerts

FileAudit can also send alerts for bulk file copying and mass file deletion or movement. This new type of alert monitors the frequency of an access type to files/folders performed by the same user.

Alerts can then be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.

Different mass access types

Bulk File Copying

When a significant number of read accesses are performed during a short period of time, the probability is that the user has executed a copy/paste file operation.

Bulk File Deletion Or Movement

When a significant number of deletions are performed during a short period of time, the user has either deleted or moved a number of files.


The alerts indicate the user name, source, the date and time of the violation as well as the alert parameters, making it easy to further investigate within FileAudit the full access history.

Alerts On Irregular Access Time

Minimize the risk from access outside of your regular working times by triggering alerts when files are accessed during non-business hours.

When configuring alerts, a new tab allows administrators to define, as additional criteria; the business days and hours during which access to the specified path is considered ‘normal/regular’ or the ‘established business hours’.

All access out of the hours configured in this tab will then be considered as ‘irregular’ and will trigger the alert if the other criteria are also satisfied.


  • Alerts can be specified for successful or unsuccessful access attempts, or both.
  • As well as emailing alerts, all alerts can also be viewed and modified with the FileAudit console.

With FileAudit Access Alerts, organizations can quickly identify inappropriate access that needs to be reviewed and remediated; significantly reducing the risk of internal threats.