SharePoint Audit Log - Alerting

We recommend alerting on security changes, especially:

  • Site collection administrator added
  • Audit policy changed
  • Audit entries deleted

Other candidates for alerting on high security sites include:

  • Audit policy changed on an individual object
  • Permission, role and group changes
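The two tiers above can be expressed as a SIEM-side rule. The sketch below is an added example, not LOGbinder or SharePoint code: the event field names, the three labels split out of "Permission, role and group changes", and the site URLs are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Event labels follow the lists above; a real feed uses whatever names or IDs
# your collector emits, so map those onto these labels first.
ALWAYS_ALERT = {"Site collection administrator added",
                "Audit policy changed", "Audit entries deleted"}
HIGH_SECURITY_ONLY = {"Audit policy changed on an individual object",
                      "Permission change", "Role change", "Group change"}
# Assumption: hypothetical site collection treated as high security.
HIGH_SECURITY_SITES = ["https://sharepoint.example.com/sites/finance"]


def _norm(url):
    """Lower-case host and path and drop a trailing slash for comparison."""
    parts = urlsplit(url.strip())
    return parts.netloc.lower(), parts.path.lower().rstrip("/")


def is_high_security(site_url):
    host, path = _norm(site_url)
    for site in HIGH_SECURITY_SITES:
        h, p = _norm(site)
        # Match the site or anything beneath it, but not a sibling such as
        # /sites/finance-archive that merely shares the prefix.
        if host == h and (path == p or path.startswith(p + "/")):
            return True
    return False


def alerts(events):
    """Return the events that should raise an alert, tagged with the reason."""
    out = []
    for ev in events:
        if ev["event"] in ALWAYS_ALERT:
            out.append({**ev, "reason": "security change"})
        elif ev["event"] in HIGH_SECURITY_ONLY and is_high_security(ev["site"]):
            out.append({**ev, "reason": "high security site"})
    return out


# Constructed sample events (field names are assumptions, not a real log format).
BASE = "https://sharepoint.example.com/sites/"
SAMPLE = [
    {"event": "Audit entries deleted", "site": BASE + "hr", "user": "EXAMPLE\\alice"},
    {"event": "Group change", "site": BASE + "Finance/", "user": "EXAMPLE\\bob"},
    {"event": "Group change", "site": BASE + "finance-archive", "user": "EXAMPLE\\bob"},
    {"event": "Document viewed", "site": BASE + "finance", "user": "EXAMPLE\\carol"},
]

if __name__ == "__main__":
    for a in alerts(SAMPLE):
        print(a["reason"], "|", a["event"], "|", a["site"], "|", a["user"])
```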

SharePoint has no built-in alerting capability for audit events, and we view this as rightly a function of SIEM/log management. My LOGbinder for SharePoint collector efficiently connects SharePoint auditing to your existing SIEM/log management solution. Don't have a SIEM? Visit our LOGbinder SIEM Synergy Partners page and see which companies have already integrated LOGbinder into their SIEM/log management solution.



Additional Resources