Thursday, November 19, 2009

Auditing Noise pt. 2

Some activities cause lots of auditing records to be generated and, most of the time, it's just noise. For example, a 'Find in Files' will open and read every file that is being searched, which could be thousands of files.

We define this as an Audit Storm.

An audit storm occurs when the same user generates 100 or more file operations within 30 seconds. Another example is when a user copies several folders that contain many files.

To limit this noise, FileSure can automatically avoid an audit storm by temporarily excluding that user from the auditing rule until the storm is over, and then reactivating that user account in the rule.

By filtering out audit storms, FileSure is able to reduce the amount of noise that gets recorded.
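The rule described above (the same user, 100 or more file operations within a trailing 30-second window, with that user's events suppressed until the storm subsides) can be implemented as a per-user sliding-window filter. The following is an added example, not FileSure's own code; the thresholds come from the post, while the event shape, the `StormFilter` class and its decision to write one summary record per storm instead of dropping the storm silently are assumptions made here. The sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Thresholds as stated in the post: 100 or more file operations by the
# same user within 30 seconds. Both are configurable on the filter.
STORM_THRESHOLD = 100
STORM_WINDOW_SECONDS = 30.0


@dataclass
class AuditEvent:
    ts: float      # seconds on any monotonic clock
    user: str
    op: str        # e.g. "open", "read", "write"
    path: str


@dataclass
class UserState:
    recent: deque = field(default_factory=deque)  # timestamps inside the trailing window
    in_storm: bool = False
    storm_start: float = 0.0
    last_ts: float = 0.0
    suppressed: int = 0


class StormFilter:
    """Per-user sliding-window rate filter (hypothetical implementation).

    Events are written to `records` individually until a user crosses the
    threshold. From then until that user's rate falls back below it, events
    are counted but not written, and one summary record is written when the
    storm ends, so the log still shows that the storm happened.
    """

    def __init__(self, threshold=STORM_THRESHOLD, window=STORM_WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.users = defaultdict(UserState)
        self.records = []  # what would reach the audit log

    def _trim(self, st, now):
        # Drop timestamps that have aged out of the trailing window.
        cutoff = now - self.window
        while st.recent and st.recent[0] < cutoff:
            st.recent.popleft()

    def _close_storm(self, st, user):
        self.records.append({"kind": "storm", "user": user, "start": st.storm_start,
                             "end": st.last_ts, "suppressed": st.suppressed})
        st.in_storm = False
        st.suppressed = 0

    def process(self, ev):
        """Return True if the event was logged individually, False if suppressed."""
        st = self.users[ev.user]
        st.recent.append(ev.ts)
        self._trim(st, ev.ts)
        rate = len(st.recent)

        if st.in_storm and rate < self.threshold:
            self._close_storm(st, ev.user)   # storm subsided: resume normal auditing

        if not st.in_storm and rate >= self.threshold:
            st.in_storm = True               # threshold crossed: start suppressing
            st.storm_start = ev.ts

        if st.in_storm:
            st.suppressed += 1
            st.last_ts = ev.ts
            return False

        self.records.append({"kind": "event", "user": ev.user, "ts": ev.ts,
                             "op": ev.op, "path": ev.path})
        return True

    def flush(self, now):
        # A user who simply stops sends no further event to trigger the check in
        # process(), so a periodic flush closes storms that have gone quiet.
        for user, st in self.users.items():
            if st.in_storm:
                self._trim(st, now)
                if len(st.recent) < self.threshold:
                    self._close_storm(st, user)

    def summaries(self):
        return [r for r in self.records if r["kind"] == "storm"]


def demo():
    """Constructed sample: 'alice' runs a Find-in-Files that reads 150 files in
    15 s, then opens one document a minute later; 'bob' writes 5 files."""
    f = StormFilter()
    for i in range(150):
        f.process(AuditEvent(i / 10, "alice", "read", f"C:\\proj\\src\\file{i}.cs"))
    for i in range(5):
        f.process(AuditEvent(5.0 + i, "bob", "write", f"C:\\docs\\report{i}.docx"))
    f.process(AuditEvent(60.0, "alice", "open", "C:\\docs\\notes.txt"))
    f.flush(now=120.0)
    return f


if __name__ == "__main__":
    for r in demo().records:
        print(r)
```

In the sample, alice's first 99 reads are logged one by one, the 100th tips the window over the threshold, and the remaining 51 reads are folded into a single storm record covering 9.9 s to 14.9 s; her later single open, and all of bob's writes, are logged normally. Writing the summary rather than only removing the user from the rule is the design choice to note: a window in which a user's file activity is unaudited is also a gap an investigator will later ask about, and the summary keeps at least the user, the time span and the volume on record.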
