Real Time Alerts on inappropriate Access Events
Single Access Events
Real time alerts to predetermined events such as a file deletion, a denied access or monitoring a suspicious user or IP address, automatically triggers an email to selected recipients, enabling a quick reaction when necessary.
Mass Access Events
By monitoring the frequency of an access type to files and folders, the copying and deletion or movement of bulk files can also be detected and alerted on.
Alerts can be customized based on specific criteria, including:
Machine name & IP Address
Different access types include
A user tried to open a file in ‘Read’ mode
A user tried to modify a file or folder
A user tried to delete a file or folder
A user tried to execute and an executable file
A user tried to modify a file attribute (E.g. Read only or Hidden Checkboxes)
A user tried to take ownership of a file or folder
A user tried to change the permissions on the file or folder
A user moved a file to another directory
A user copied a file
A user created a new file
A user renamed a file
A user shared a file to another user
Mass Access and Alteration Event Alerts
FileAudit can also send alerts for bulk file copying and mass file deletion or movement. This new type of alert monitors the frequency of an access type to files/folders performed by the same user.
Alerts can then be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.
Different mass access types
Bulk File Copying
When a significant number of read accesses are performed during a short period of time, the probability is that the user has executed a copy/paste file operation.
Bulk File Deletion Or Movement
When a significant number of deletions are performed during a short period of time, the user has either deleted or moved a number of files.
The alerts indicate the user name, source, the date and time of the violation as well as the alert parameters, making it easy to further investigate within FileAudit the full access history.
Alerts On Irregular Access Time
Minimize the risk from access outside of your regular working times by triggering alerts when files are accessed during non-business hours.
When configuring alerts, a new tab allows administrators to define, as additional criteria; the business days and hours during which access to the specified path is considered ‘normal/regular’ or the ‘established business hours’.
All access out of the hours configured in this tab will then be considered as ‘irregular’ and will trigger the alert if the other criteria are also satisfied.
Automated Response To Access Alerts
In addition to real-time monitoring and threat identification, something should happen to act on potential threats.
FileAudit can take immediate action to an alert, and not have to wait for IT to intervene. A customized script can be created and run whenever a specific alert is triggered.
Shut down a machine, logoff the user. Act on potential threats before any damage is done.
Alerts can be specified for successful or unsuccessful access attempts, or both.
As well as emailing alerts, all alerts can also be viewed and modified with the FileAudit console.
With FileAudit Access Alerts, organizations can quickly identify inappropriate access that needs to be reviewed and remediated; significantly reducing the risk of internal threats.
Request a personalized demo now
Discover how FileAudit can help you meet your needs.