SharePoint Auditing - Bridging the Gap with LOGbinder SP

I created LOGbinder SP to make the native SharePoint auditing capability practical for compliance, security monitoring and SIEM integration. If you are new to SharePoint Audit Logging click here.

To use the native SharePoint audit log for compliance and enterprise security 5 issues needed to be addressed:

1. SharePoint's audit log does not provide the names of users or objects.  The SharePoint audit log fails to translate record IDs, meaning you have no idea what object or user to which a given event refers!  Click here for an example  of an audit event from SharePoint before being processed by LOGbinder SP.
2. SharePoint's audit log is buried in SharePoint's SQL server content database. To ensure the integrity of audit trails, logs must be moved from the system where they are generated to a separate and secure archive.  However in SharePoint, the audit log isn't really a log - it's a table in the SharePoint database.  This makes it inaccessible for most log management solutions.  Without the ability to collect the SharePoint audit log into a separate, secure log archive, its value as a high integrity audit trail is compromised.
3. SharePoint's audit log has no reporting.  In Windows SharePoint Services the log is totally inaccessible, and in Office SharePoint Services it's exposed through a few rudimentary, impractical reports in Excel.
4. Windows SharePoint Services provides no interface for enabling auditing at all.  The audit log is there, but without custom programming there's no way to turn it on, much less access the logs. 
5. SharePoint's audit log built-in trimming feature can delete audit events before they are exported. Somne editions of SharePoint provide automatic log trimming of old events but there is no way to ensure events have been archived first.

These issues caused me, Randy Franklin Smith, to design LOGbinder SP. LOGbinder SP translates the cryptic data in raw SharePoint audit entries and outputs the audit trail to the Windows security log where your SIEM/log management solution can take over with archival, alerting and report.

Next:

• Translating cryptic audit entries into easy-to-understand events
• Connecting SharePoint Audit to SIEM/Log Management

More information on LOGbinder SP:

Download LOGbinder SP Pricing Datasheet

System Requirements Frequently Asked Questions Events Monitored

Reports and Alerts Third Party Log Management/SIEM Solutions Compliance Guidance

 

Upcoming Webinars

Additional Resources Security Log Quick Reference Chart Security Log Resource Kit Learn about the SharePoint Audit Log Patch Tuesday Analysis Workstation Configuration Management

•	Cryptic Data
•	SIEM Integration