crklosterman
3 Argentium

Re: Increasing unity security log for auditing file access

To be more specific, I wouldn't wish using .evt files on my very worst enemy. It's at best a stop-gap while you get approval to buy something better. To get an idea of what I'm talking about, RDP into a Windows server, open the Computer Management MMC, and look at the security event logs. Now imagine a scrolling log like that for every file access event, or modification or deletion. That's why products like Varonis are so successful, because they can deal with the mountain of information that you'll get here, and help correlate and sort through it.

~Chris

Rainer_EMC
5 Osmium

Re: Increasing unity security log for auditing file access

I agree - Windows event files aren't user-friendly.

Sure, you can export, convert, feed into other apps - IF you have the programming skills and time.

Otherwise, spend some money on a 3rd party product.

Sometimes there is no free lunch.

I think there was a Splunk module utilizing CEPA - but again, Splunk needs time and knowledge, more than just asking for a step-by-step on a forum.
