Real Time Alerts on inappropriate Access Events
Single Access Events
Real time alerts to predetermined events such as a file deletion, a denied access or monitoring a suspicious user or IP address, automatically triggers an email to selected recipients, enabling a quick reaction when necessary.
Mass Access Events
By monitoring the frequency of an access type to files and folders, the copying and deletion or movement of bulk files can also be detected and alerted on.
Alerts can be customized based on specific criteria, including:
Machine name & IP Address
Different access types
A user tried to open a file in ‘Read’ mode
A user tried to modify a file or folder
A user tried to delete a file or folder
A user tried to execute and executable file
A user try to modify a file attribute
A user tried to take ownership of a file or folder
An attempt to read or write the system access control list of the file. Generally this event means simply that a user displayed the properties of a file using Windows Explorer.
A user tried to change the permissions on the file or folder
Any other type of access event not defined as basic Windows events
Mass Access and Alteration Event Alerts
FileAudit can also send alerts for bulk file copying and mass file deletion or movement. This new type of alert monitors the frequency of an access type to files/folders performed by the same user.
Alerts can then be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.
Different mass access types
Bulk File Copying
When a significant number of read accesses are performed during a short period of time, the probability is that the user has executed a copy/paste file operation.
Bulk File Deletion Or Movement
When a significant number of deletions are performed during a short period of time, the user has either deleted or moved a number of files.
The alerts indicate the user name, source, the date and time of the violation as well as the alert parameters, making it easy to further investigate within FileAudit the full access history.
Alerts On Irregular Access Time
Minimize the risk from access outside of your regular working times by triggering alerts when files are accessed during non-business hours.
When configuring alerts, a new tab allows administrators to define, as additional criteria; the business days and hours during which access to the specified path is considered ‘normal/regular’ or the ‘established business hours’.
All access out of the hours configured in this tab will then be considered as ‘irregular’ and will trigger the alert if the other criteria are also satisfied.
Alerts can be specified for successful or unsuccessful access attempts, or both.
As well as emailing alerts, all alerts can also be viewed and modified with the FileAudit console.
With FileAudit Access Alerts, organizations can quickly identify inappropriate access that needs to be reviewed and remediated; significantly reducing the risk of internal threats.