SharePoint is home to loads of confidential, sensitive information but would you have any idea when
- Edward downloads an entire document library of thousands of case file documents?
- Alice, a site owner, accidentally gives everyone in the forest access to all your HR documents?
- A newly created and unrecognized administrator account is systematically viewing every site and library in your SharePoint farm?
More and more organizations are recognizing the need for their SIEM to gain visibility into the upper layers of the stack such as the database and application so that they can catch suspicious activities only visible at that level. A SIEM with just network and OS logs is like monitoring a city at street and building entry level. But what’s happening in all those buildings?
SharePoint is a great application to start with because it is a clearing house for sensitive unstructured data and a widely used workflow platform for critical business processes.
The good news is SharePoint has a built-in audit capability that allows you to track user activity, document and item access and security changes. The bad news is it’s not a traditional log file you can simply parse and ingest with your SIEM. It’s only accessible via a complicated server side API in .NET which we’ve implemented with LOGbinder for SharePoint.
In this real training for free ™ webinar I will cover:
- Configuring site collection audit policy
- Limiting view auditing to documents only
- Viewing SharePoint audit log reports
- Why audit log reports produced by SharePoint aren’t useful to SIEMs even if they were accessible
As you can see there are some challenges and gaps between SharePoint and your SIEM. So I will show you how to solve those problems and bridge the gap with the easy to setup middle-ware solution LOGbinder for SharePoint. I’ll show you how in 7 minutes you can ensure consistent audit policy across all your site collections and be analyzing SharePoint security activity in your SIEM.
Please join me for this real training for free ™ event.