Audit Windows Shared Folders Test

Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. It also shows failed SMB SPN checks. The target Microsoft File server allows enterprises to store data in multiple folders and share the stored data among multiple users. Auditing is important to ensure data security. Tracking the creation and deletion of files/folders in the folders that are shared among multiple users is mandatory for administrators to keep tabs on the files/folders present in the file server and ensure data security. If a file/folder in the shared folders on the target server is deleted, either by unauthorized users or accidentally by authorized users, other users cannot access vital information in those files/folders. This, in turn, can disrupt critical business operations and can even bring business-critical processes to a halt. This is why it is important for administrators to continuously monitor the delete operations performed on the shared folders, to prevent unauthorized deletions and ensure better data security. The Audit Windows Shared Folders test can help administrators in this regard!

This test auto-discovers all shared folders on the Microsoft File server and, for each shared folder, reports the number of successful and failed delete events logged in the Security event log. In addition, the detailed diagnosis provided by the test reveals the details of each delete event: its status, the user who performed the activity, the name of the shared folder and the affected path, and the date and time of the event. This helps administrators keep track of delete events to ensure data security, and to easily detect and investigate malicious or erroneous file deletions on the target file server.

Target of the test : A Microsoft File server

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for every shared folder on the file server that is being monitored.

Configurable parameters for the test
Parameters Description

Test period

Indicates how often the test should be executed.

Host

The host for which the test is to be configured.

Shared Folders

To monitor the shared folders on the Microsoft File server, the eG agent needs to be configured with the shared folders available on the file server that is to be monitored. To do this, click the + icon, add the shared folders that need to be monitored from the Available shared folders list to the Associated shared folders column, and then click Update. Before monitoring the shared folders, the pre-requisites explained in How to Enable and Configure Audit Settings on Microsoft File Server? should be fulfilled.

Is DD Required for Success

By default, this flag is set to Yes, indicating that detailed diagnosis is reported for the Successful delete attempts measure. If you do not want this test to report detailed diagnosis for the Successful delete attempts measure, set this flag to No.

Is DD Required for Failure

By default, this flag is set to Yes, indicating that detailed diagnosis is reported for the Failure delete attempts measure. If you do not want this test to report detailed diagnosis for the Failure delete attempts measure, set this flag to No.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Successful delete attempts

Indicates the number of events generated for delete attempts that are successful in this shared folder.

Number

The detailed diagnosis of this measure, if enabled, gives the activity, status, username, shared folder name, relative path (file/folder affected), and event date and time (mm/dd/yyyy hh:mi:ss).

Failure delete attempts

Indicates the number of events generated for delete attempts that failed in this shared folder.

Number

The detailed diagnosis of this measure, if enabled, gives the activity, status, username, shared folder name, relative path (file/folder affected), and event date and time (mm/dd/yyyy hh:mi:ss).
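
To cross-check the two measures by hand, the following added example (not eG Enterprise code) tallies delete attempts per shared folder directly from the Security event log. It assumes the "Audit Detailed File Share" subcategory is enabled for Success and Failure so that event 5145 is logged; this page does not state which event IDs the test itself reads, and the one-hour window is a constructed value.

```powershell
# Added example, not eG Enterprise code. Run elevated on the file server.
# Assumption: "Audit Detailed File Share" logs Success and Failure (event 5145).
$DeleteBit    = 0x10000            # DELETE standard access right in AccessMask
$AuditFailure = 0x10000000000000   # "Audit Failure" bit in the event Keywords
$Since        = (Get-Date).AddHours(-1)   # constructed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 5145; StartTime = $Since
} -ErrorAction SilentlyContinue

# One row per delete attempt, shaped like the detailed diagnosis columns.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $mask = [Convert]::ToInt64($data['AccessMask'], 16)
    if (($mask -band $DeleteBit) -eq 0) { continue }   # DELETE not requested

    $status = 'Success'
    if ($e.Keywords -band $AuditFailure) { $status = 'Failure' }

    [pscustomobject]@{
        Activity     = 'Delete'
        Status       = $status
        UserName     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        SharedFolder = $data['ShareName']
        RelativePath = $data['RelativeTargetName']
        EventTime    = $e.TimeCreated.ToString('MM/dd/yyyy HH:mm:ss')
    }
}

# Per-share counters, analogous to the two measures of the test.
$rows | Group-Object SharedFolder | ForEach-Object {
    [pscustomobject]@{
        SharedFolder             = $_.Name
        SuccessfulDeleteAttempts = @($_.Group | Where-Object Status -eq 'Success').Count
        FailureDeleteAttempts    = @($_.Group | Where-Object Status -eq 'Failure').Count
    }
} | Format-Table -AutoSize

$rows | Format-Table -AutoSize
```

Event 5145 records the access check on the share object, so a Success row means DELETE access was granted over SMB, not that the file or folder was necessarily removed. Counts may therefore differ from what the test reports.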