Friday, November 20, 2009

Auditing Noise pt. 3

One of the reasons that auditing noise is such a problem is that you can’t easily designate exactly what you’re interested in and are instead forced to ‘watch everything’.

For example, let’s say you want to record people reading Acrobat (PDF) files in a certain folder. To make it more interesting, you also only want to record when they do it after-hours.

To do this with native tools, you could turn on file auditing on every PDF in the target folder, but that’s very cumbersome if there are a lot of files or if new files are being created. The other, less onerous, option would be to turn on auditing for the entire folder. The problem with that approach is that you will pick up not just PDF files but everything else in the folder too.
Both options also have the problem of catching the unwanted accesses that occur during normal business hours.

FileSure allows you to accurately define what you’re interested in with a combination of rule filters; in the above example, you would define a file filter like ‘D:\folder\*.pdf’ and then define a time slot filter to indicate when the rule should be active. You could make it even more targeted by excluding certain users, groups, processes or even non-interesting file patterns.
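The rule combination described above (file filter, time slot, excluded users) can be sketched as a post-filter over audit records. This is an added example, not FileSure's own code or configuration; the record fields, the 18:00 to 08:00 after-hours window and the `svc_backup` account are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from fnmatch import fnmatchcase


@dataclass
class Rule:
    file_pattern: str                      # e.g. r"D:\folder\*.pdf"
    active_from: time                      # time slot start (inclusive)
    active_to: time                        # time slot end (exclusive)
    excluded_users: set = field(default_factory=set)

    def in_slot(self, t: time) -> bool:
        if self.active_from <= self.active_to:
            return self.active_from <= t < self.active_to
        # Slot wraps past midnight (e.g. 18:00 -> 08:00).
        return t >= self.active_from or t < self.active_to

    def matches(self, ev: dict) -> bool:
        if ev["user"].lower() in {u.lower() for u in self.excluded_users}:
            return False
        # Windows paths are case-insensitive, so compare lowercased.
        # Note: "*" also matches "\", so files in subfolders match too.
        if not fnmatchcase(ev["path"].lower(), self.file_pattern.lower()):
            return False
        return self.in_slot(ev["when"].time())


def ev(when, user, path):
    return {"when": datetime.fromisoformat(when), "user": user, "path": path}


# Constructed sample records (hypothetical shape, not real audit output).
EVENTS = [
    ev("2009-11-19 14:05", "alice", r"D:\folder\report.pdf"),       # business hours
    ev("2009-11-19 22:30", "alice", r"D:\folder\Report.PDF"),       # after-hours PDF
    ev("2009-11-19 22:31", "alice", r"D:\folder\notes.txt"),        # not a PDF
    ev("2009-11-20 02:15", "svc_backup", r"D:\folder\report.pdf"),  # excluded user
    ev("2009-11-20 07:59", "bob", r"D:\folder\q3.pdf"),             # just inside slot
    ev("2009-11-20 08:00", "bob", r"D:\folder\q3.pdf"),             # slot has ended
]

# Assumed after-hours slot: 18:00 until 08:00 the next morning.
RULE = Rule(r"D:\folder\*.pdf", time(18, 0), time(8, 0), {"svc_backup"})


def filter_events(events, rule):
    """Return only the records the rule is interested in."""
    return [e for e in events if rule.matches(e)]
```

Of the six sample records, only the two after-hours PDF reads by non-excluded users survive the filter; the rest is the noise that folder-wide auditing would have recorded.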
