Connecting SharePoint Audit to SIEM/Log Management

LOGbinder for SharePoint is a small, efficient Windows service installed on any one of the servers in the SharePoint farm. It monitors the internal SharePoint audit log without making any changes to your SharePoint installation.

For each event, LOGbinder for SharePoint resolves the user and object IDs and other cryptic codes, producing an easy-to-understand, plain-English translation of the SharePoint audit event.

As illustrated on the right, the LOGbinder for SharePoint collector writes events to the Windows event log where any log management/SIEM solution can collect them and provide subsequent alerting, reporting, and archival.

We provide guidance on the events you should alert for reports that should be implemented and reviewed. We even provide compliance mappings to common control frameworks required by HIPAA, SOX, PCI, etc. Even better, for a growing number of log management solutions we even provide alert rules and report definition files ready to be imported into your installation - and we are working with SIEM vendors to include our SharePoint audit alerts and reports out of the box to make life even easier for users of LOGbinder for SharePoint. Download our Recommended Report and Alert Designs for LOGbinder for SharePoint.

But what if you don't already have such an infrastructure in place? No problem! We are working closely with many SIEM vendors to build alert rules and SharePoint audit reports directly into their SIEM solutions. Check to see if your SIEM vendor has been certified as one of our SIEM Synergy Partners.

More information on LOGbinder for SharePoint:


Additional Resources
    Cryptic Data
    SIEM Integration