NETIKUS.NET Support Forums
It looks like you're new here. If you want to get involved, click one of these buttons!
EventSentry Admin Assistant
Gateway IP Monitor
EventSentry SysAdmin Tools
EventSentry [Web Reports]
How to count changes for auditing Windows file change per user
How to count changes for auditing Windows file change per user.
I would like to determine baseline max. changes for configuring Eventsentry against ransomware with Windows Auditing and Event ID 4663.
Thanks in advance,
You can do this by (temporarily) creating a file access tracking package which will normalize all 4663 events recorded by a monitored host.
Simply click on "Compliance Tracking" under "Packages" and create a new package. Assign the package accordingly.
Then, add the "File Access" object to it. Configure that object for "Track all file access activity" and click the "Configure" button to customize it (this is to filter out unwanted data).
Then simply push the configuration to the target hosts and wait until some file access activity has been generated. You can then view file access tracking data in the web reports under "Compliance -> File Access", similar to here:
The summary page already shows you the data grouped by various properties, such as the user name, but you can click the blue header columns as well to get more detailed reporting.
Forum Software Powered by Vanilla