A common requirement for IT and security professionals is to monitor particular folders of interest in Windows for any file activity, such as creating, renaming, moving, deleting, or writing a file.
The traditional approach to this scenario is to apply an auditing policy to a Windows folder. This approach is relatively straightforward to set up and is scalable.
However, here is a preview of the events that are generated (see the image):
There’s plenty of data, but it is quite difficult to decipher and still leaves plenty of doubt in a user’s mind over what exactly happened to a given file.
CyberSift has released a (currently Windows-only) agent which monitors file system activity and generates easy-to-understand events. Compare and contrast the native Windows events displayed above to the following events that are produced when the Tutela Event Generator is installed (see the image):
The generated events make it much easier to ascertain what happened, and they contain the most useful pieces of information:
Which file was modified?
Which process carried out the change?
Which user carried out the change?
What was the operation executed on the file?
(in Windows, moving a file is a special case of renaming the file)
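To show what answering these four questions from the native audit events involves, here is an added example (not CyberSift's code and not how the Tutela agent works) that decodes and correlates Windows Security events 4663 and 4660. The sample records, user names, paths and the delete/rename heuristic are constructed assumptions.

```python
# Constructed sample records; keys mirror EventData fields of Security events
# 4663 (access attempt on an object) and 4660 (object deleted).
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice", "ProcessId": "0x1f4",
     "ProcessName": r"C:\Windows\explorer.exe", "HandleId": "0x4a0",
     "ObjectName": r"D:\Finance\q3.xlsx", "AccessMask": "0x10000"},
    {"EventID": 4660, "SubjectUserName": "alice", "ProcessId": "0x1f4",
     "ProcessName": r"C:\Windows\explorer.exe", "HandleId": "0x4a0"},
    {"EventID": 4663, "SubjectUserName": "bob", "ProcessId": "0x9c0",
     "ProcessName": r"C:\Windows\System32\notepad.exe", "HandleId": "0x5b4",
     "ObjectName": r"D:\Finance\notes.txt", "AccessMask": "0x6"},
    {"EventID": 4663, "SubjectUserName": "carol", "ProcessId": "0x2a8",
     "ProcessName": r"C:\Windows\explorer.exe", "HandleId": "0x5c8",
     "ObjectName": r"D:\Finance\old.txt", "AccessMask": "0x10000"},
]

# File access rights as they appear in the 4663 AccessMask field.
ACCESS_BITS = {0x1: "read", 0x2: "write", 0x4: "append", 0x100: "write-attributes",
               0x10000: "delete-access", 0x40000: "change-permissions",
               0x80000: "take-ownership"}

def decode_mask(mask_hex):
    """Turn a hex AccessMask string into a list of readable right names."""
    mask = int(mask_hex, 16)
    return [name for bit, name in ACCESS_BITS.items() if mask & bit]

def summarize(events):
    """Return one file/process/user/operations record per 4663 event."""
    # 4660 carries no ObjectName, so it has to be matched back to a 4663.
    # Handle ids are only unique within a process, hence the two-part key.
    deleted = {(e["ProcessId"], e["HandleId"]) for e in events if e["EventID"] == 4660}
    out = []
    for e in events:
        if e["EventID"] != 4663:
            continue
        ops = decode_mask(e["AccessMask"])
        if "delete-access" in ops:
            # Assumption (heuristic): DELETE access with no 4660 on the same
            # handle is treated as a rename or move rather than a deletion.
            confirmed = (e["ProcessId"], e["HandleId"]) in deleted
            ops[ops.index("delete-access")] = "deleted" if confirmed else "renamed-or-moved"
        out.append({"file": e["ObjectName"], "process": e["ProcessName"],
                    "user": e["SubjectUserName"], "operations": ops})
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(row)
```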