Detecting Information Grabs of Confidential Documents in SharePoint


More and more information resides in SharePoint and more and more of that information is confidential, ranging from HR data, customer records, financial information or sensitive information that you don’t want to end up on WikiLeaks.
So how do you detect a Snowden-style information grab?
In this webinar we will explore how to use the SharePoint audit log to create an audit trail of when users access sensitive areas of SharePoint sites. I’ll show you how to configure SharePoint audit policy and then demonstrate the events and reports that SharePoint produces natively.
But then we’ll take it a step further and discuss methods for recognizing abnormal access patterns in SharePoint audit events.
Areas we’ll cover include:
  1. How to audit all view access for a given site collection
  2. How to limit view auditing to documents only in order to eliminate massive amounts of “page view noise”
  3. How to report on document view access from within SharePoint
  4. How to connect SharePoint to your log management/SIEM solution
  5. Abnormal access patterns
  6. How to automatically manage audit policy on new site collections as they are created
  7. How to safely purge SharePoint’s internal audit log after exporting to your SIEM
This will be a satisfyingly technical, real training for free™ event, so don’t miss it.
Please register now!


Additional Resources