What's new in FileAudit 5
What's new in FileAudit 5.5 Beta
- New view - access events performed by a specific user.
- New view - access events performed on a specific path/file.
- New view - event details by double-clicking on the event.
- New tool (FileAuditReporter) available in the installation folder to access archived databases.
- Ability to generate a scheduled report without sending it by mail.
- Ability to select the folder where the scheduled reports are saved to.
- Ability to keep the history of all scheduled reports.
- Ability to restart the FileAudit service when changing remote connection settings.
- Send notifications to Slack.
What's new in FileAudit 5.2
- Detect and display the machine name
- Filter access events by Active Directory Group
- Filter access events by object type
- Email notifications in case of a new FileAudit Service Event
- Detect and alert on server inactivity
- Support for Windows Server 2016
What's new in FileAudit 5.0
In addition to the IP address, FileAudit 5.2 now provides the name of the machine from which a user accessed a file/folder through the network. This makes it easier to attribute each access to an individual user and to identify potentially suspicious activity.
A list of every access made from a specific machine name can be produced using FileAudit’s filtering capabilities. Administrators can apply this criterion from the ‘File access view’. It is also possible to define a machine name as a selected criterion:
- to trigger specific access alerts
- for a scheduled report
FileAudit 5.2 introduces a new filtering criterion that allows you to focus on access events for one or more Active Directory Groups.
From the FileAudit console, browse and identify Active Directory Groups to configure alerts, schedule reports or apply as a criterion from the ‘File Access Viewer’.
Group filters can be used to either exclude or include group members.
All accesses of Sales and Marketing group members will be displayed.
Accesses of Everyone except Marketing group members will be displayed.
Inclusion + exclusion example
All accesses of Sales group members will be displayed, except for users also members of Managers group.
If there are no common members between the Sales and Managers groups, it will include all Sales members. If all members of Sales are members of Managers, no data will be displayed.
With FileAudit 5.2, administrators now have the option to distinguish between files and folders.
You can apply this criterion from the ‘File access view’. Alternatively, it can be used when configuring any access alerts or scheduling access reports.
This optimization helps keep your audit trail more meaningful.
Receive email alerts about issues that the FileAudit service has encountered.
Determine the type of alerts you want to be notified about: Error, Warning and Information.
An alert warns the administrator when FileAudit has not monitored a file access event for more than three consecutive days on a specific server. This alert is both displayed on the FileAudit console and sent by email.
This can highlight to an administrator an issue that needs to be addressed — for example if the object access audit policy is disabled, the NTFS audit configuration is deleted or the security log is corrupted or misconfigured.
FileAudit 5.2 supports Windows Server 2016.
FileAudit now detects the IP address of the machine from which the file/folder access has been performed. When the access is performed directly on the file server hosting the file/folder accessed (local access), the ‘Source’ column displays the name of the process from which the user has accessed the file. When the file/folder is accessed through the network, the ‘Source’ column displays the IP address of the machine from which the user has performed the access.
A list of every access made from a specific IP address, and thus a specific machine, can be produced using FileAudit’s filtering capabilities. Administrators can apply this criterion from the ‘File access viewer’.
It is also possible to define an IP address in the ‘Source’ field of the ‘Main’ tab:
- As a selected criterion to trigger specific access alerts,
- As a selected criterion for a scheduled report.
A new type of alert allows administrators to monitor the frequency of an access type to files/folders performed by the same user. Alerts can be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.
For example, this new type of alert allows administrators to be warned:
- That a user has performed more than 500 read accesses during 1 minute,
- That a user has deleted more than 200 files during 30 seconds.
Detect file copying
When a significant number of read accesses are performed during a short period of time, it is likely that the user has executed a copy/paste file operation. The alert indicates the user name, the date and time of the violation as well as the alert parameters, making it easy to further investigate the full access history within FileAudit.
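The threshold rule described above, as an added Python example (not FileAudit's own code): a sliding-window counter per user and access type, using the two example thresholds from this page. The event tuple layout and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the two examples above: (accesses tolerated, period).
RULES = {
    "read": (500, timedelta(minutes=1)),
    "delete": (200, timedelta(seconds=30)),
}

def detect_mass_access(events, rules=RULES):
    """events: iterable of (timestamp, user, access_type), sorted by time.
    Returns one alert per burst in which a user exceeds a rule's threshold."""
    windows = defaultdict(deque)   # (user, access_type) -> timestamps in window
    alerting = set()               # keys already alerted for the current burst
    alerts = []
    for ts, user, access in events:
        if access not in rules:
            continue
        limit, period = rules[access]
        key = (user, access)
        win = windows[key]
        win.append(ts)
        # Drop timestamps that have fallen out of the sliding period.
        while ts - win[0] >= period:
            win.popleft()
        if len(win) <= limit:
            alerting.discard(key)  # burst over; a later burst alerts again
        elif key not in alerting:
            alerting.add(key)
            alerts.append({"user": user, "access": access, "time": ts,
                           "count": len(win), "limit": limit,
                           "period_s": period.total_seconds()})
    return alerts

def sample_events():
    """Constructed sample data, not real audit records."""
    t0 = datetime(2024, 1, 15, 10, 0, 0)
    events = []
    # alice: 600 reads in 30 s (bulk-copy pattern)
    events += [(t0 + timedelta(milliseconds=50 * i), "alice", "read") for i in range(600)]
    # bob: 600 reads, one every 2 s (at most 30 per minute, normal work)
    events += [(t0 + timedelta(seconds=2 * i), "bob", "read") for i in range(600)]
    # carol: 250 deletes in 25 s
    events += [(t0 + timedelta(milliseconds=100 * i), "carol", "delete") for i in range(250)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for alert in detect_mass_access(sample_events()):
        print(alert)
```

Bob performs as many reads as Alice in total but never trips the rule, which is why the count has to be evaluated per period rather than per session or per day.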
When configuring alerts, a new tab allows administrators to define, as additional criteria, the business days and hours during which access to the specified path is considered normal.
Any access outside the hours configured in this tab will then be considered abnormal and will trigger the alert if the other criteria are also satisfied.
Example of a week for which access to the designated files/folders will be considered normal. If all criteria defined in the ‘Main’ tab are met, the alert will be triggered if an access is performed before 8:00 AM or after 7:00 PM from Monday to Friday, or if an access is performed during the weekend.
- FileAudit now supports MySQL as a database system.
- Choose the path(s) on which you want to display access statistics and graphs in the ‘Statistics’ view from among all the paths registered as audited.
- Add a corporate logo in the printed/exported reports.
- Check the availability of new versions, direct from the FileAudit Console.