Variable of folder monitored with File Monitoring

edited December 2015 in EventSentry [General]
Hello,

is there a variable of the folder monitored with File Monitoring to use with e.g. a batch script?

Thorsten

Comments

  • Hi Thorsten,

    Are you trying to pass the name of the folder where the file change occurred to a batch script you are calling every time a file change occurs?


    Ingmar.
  • edited December 2015
    Hi Ingmar,

    I want to run a script after a threshold (checksum) to block access to folder configured for monitoring, no matter in which subdirectory the changes occured (ransomware etc.).

    Thorsten
  • Hi Thorsten,

    I apologize for the delay in getting back, there was an issue with our notification script so we couldn't see the updates on this post.

    When the threshold event is generated you will unfortunately loose any content from the actual events, and you would only be able to use data from the actual threshold event (e.g. the filter name) as a variable.

    A work-around would be to configure the threshold to include the "first" event after it is exceeded, this would give you complete access to the all insertion strings in the event.

    Here are some links that should help:

    http://www.eventsentry.com/blog/2016/03/defeating-ransomware-with-eventsentry-auditing.html

    www.eventsentry.com/documentation/help/html?configvariablesdetails.htm
Sign In or Register to comment.