Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE
Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Stealthbits ProTip

Browsed By
Category: Stealthbits ProTip

STEALTHbits ProTip, STEALTHbits Blog

Stealthbits ProTip: Filter out Event Noise with Stealthbits File Activity Monitor (SFAM)

Stealthbits File Activity Monitor The Stealthbits File Activity Monitor has multiple configuration options to filter out noisy event operations from file servers. For example, Windows® native logs are typically big offenders when it comes to logging these noise events, creating more than 200 log entries when a user creates, reads, modifies, and then saves a file. The sFAM utility filters those operations into a more human-readable, event audit trail for those file operations. The sFAM uti…

Stealthbits ProTip: 23 NYCRR 500 Compliance

While we here at Stealthbits can’t help our customers with the personal part of 23 NYCRR 500 Compliance, we can make it easy to identify the reports that help with Section 500’s access and activity pieces. Starting with version StealthAUDIT v8.0 we’ve introduced report tagging, allowing you to easily organize the reports that are important to you. These can be named as desired, typically by their associated compliance standard. For this month’s ProTip I’ll be using the tag, ’23NYCRR500′. Fi…
STEALTHbits ProTip, STEALTHbits Blog

Stealthbits ProTip: 3 Steps to Control Local Administrator Access

Controlling Local Administrator Access Local administrative access is necessary for IT staff to perform tasks like installing software and fixing server and desktop issues. Often users outside IT also end up with local admin rights so they too can install software on their own machines or make other configuration changes. However, many organizations lack processes for monitoring and maintaining the local admin groups that control these rights. This gap creates a serious security risk. All it …
STEALTHbits ProTip, STEALTHbits Blog

Stealthbits ProTip: Where did my file go?: Stealthbits File Activity Monitor

In the first “Where did my file go?” post, we discussed locating files using StealthAUDIT’s Access Information Center. Now, with the STEALTHbits File Activity Monitor in place, this same question can be answered in real-time directly within the console. Not only can we identify what happened to a file, we can even show you where it ended up.  First, start a New Activity Search within the STEALTHbits File Activity Monitor by either pressing Ctrl+F or select the magnifying glass located in the…
STEALTHbits ProTip, STEALTHbits Blog

Stealthbits ProTip: Model Access Changes with Confidence

Modeling access changes before enabling them allows you to clean up access with confidence. The Access Information Center makes this simpler than ever with easy-to-understand visuals and the ability to commit these changes on the spot. First, we’ll look at the Effective Access report on my PreSales Engineering Share. As you can see, Chris still has access although his account is disabled. In this situation, I want to clean up access to this one resource without impacting any other intended…
STEALTHbits ProTip, STEALTHbits Blog

Stealthbits ProTip: Maximize Your StealthAUDIT Investment with Reporting

Utilizing StealthAUDIT Reporting This month I’d like to touch on a fairly unknown usability feature within StealthAUDIT. The Reports Only mode allows the console to be run without risk of triggering any collections or affecting any already existing data sets. There is an underused (but very useful) command line switch that allows you to run StealthAUDIT so that it can only generate reports. When run in Reports Only mode the Query, Analysis, and Action functions will be disabled. From t…

Stealthbits ProTip: Defending Against Ransomware in 2017

With the close of 2016 approaching, I looked back and realized that Ransomware could have been the subject of my ProTip every month this year! Not only has it been regularly grabbing headlines throughout the last twelve months, but I’m sure 2017’s threat-surface will be subject to even more attacks. And while I’ve already provided tips on ransomware twice, this time I’d like to talk about the methodology behind a competent defense as we close out 2016. Credential Abuse: this is the drum we b…
STEALTHbits ProTip, STEALTHbits Blog

Take Action Against Ransomware

After identifying nefarious activity on your file servers, whether it’s massive data theft or activity associated with ransomware, taking action is the next step. StealthINTERCEPT v4.0 now gives us the tools to automatically Lockdown those critical file areas once the rule for the File System Attacks Analytic is met. Let’s get started. First, we need to select the File System Attack Analytic, then select the Configure icon: Once the Configure Analytics window is open you will see “E…
STEALTHbits ProTip, STEALTHbits Blog

Increase Insight into Your Active Directory Environment

StealthAUDIT for Active Directory provides reporting features that give you great insight into your directory environment, but is there more usable information in a report than what is displayed by default? Yes. Most StealthAUDIT Jobs collect and record additional information that is not necessarily included in the default presentation of reports. However, recent improvements to the report interfaces make both filtering on, and utilization of, this data more accessible. Let’s use our St…

Stealthbits ProTip: Identifying Non-Owner Exchange Activity

Need visibility into the mailbox activity by anyone other than the owner of a specific mailbox? In this ProTip, you will learn how to view Exchange Activity within StealthINTERCEPT and how to scope the policy to view only Non-Owner activity. Once you are licensed for Exchange Activity, you will need to ensure that you have agents deployed to all Exchange Role Hosts (HUB, CAS, & MBX). This is done by selecting the hosts to which you need to deploy the agent and selecting the Exchange Serv…

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!

 

Loading

© 2021 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL