Exploring Windows File Activity Monitoring with the Windows Event Log
Hi everyone, I am back to blogging, now as part of the Varonis team. This time I am exploring Windows file activity monitoring with the Windows Event Log.
One might hope that Microsoft would provide straightforward and coherent file activity events in the Windows event log. The file event log is important for all the usual reasons – compliance, forensics, monitoring privileged users, and detecting ransomware and other malware attacks while they’re happening. A log of file activities seems so simple and easy, right? All that’s needed is a timestamp, username, file name, operation (create, read, modify, rename, delete, etc.), and a result (success or failure).
But this is Microsoft. And they never, ever do anything that’s nice and easy...
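To show how far the Security log is from the simple record described above, here is an added example (not code from the original post or from Varonis) that pulls file-access audit events and reshapes them into the five fields a file activity log needs: timestamp, user, file name, operation and result. It assumes "Audit File System" (Object Access) auditing is enabled and a SACL exists on the folder of interest; the `C:\Shares\` prefix, the `Get-FileActivity` and `ConvertTo-OperationName` names and the access-mask table are assumptions of this example. Event ID 4663 ("An attempt was made to access an object") is a real Security log event, but its fields (`AccessMask`, `ObjectName`, `SubjectUserName`, `ProcessName`) have to be parsed out of the event XML; there is no single "operation" or "result" column.

```powershell
# Added example, not part of the original post. Reshapes Security event 4663
# (file access audit) into timestamp / user / file / operation / result rows.
# Assumes Object Access -> Audit File System is enabled and the folder under
# $PathPrefix carries a SACL; otherwise the query simply returns nothing.

# Map the bits of the 4663 AccessMask field to readable operation names
# (assumed subset of the file access rights; unknown bits are shown in hex).
$accessNames = @{
    0x1     = 'ReadData'
    0x2     = 'WriteData'
    0x4     = 'AppendData'
    0x10000 = 'Delete'
    0x20000 = 'ReadControl'
    0x40000 = 'WriteDac'
    0x80000 = 'WriteOwner'
}

function ConvertTo-OperationName {
    param([int]$Mask)
    $names = foreach ($bit in $accessNames.Keys) {
        if ($Mask -band $bit) { $accessNames[$bit] }
    }
    if ($names) { $names -join '|' } else { '0x{0:X}' -f $Mask }
}

function Get-FileActivity {
    param(
        [string]$PathPrefix = 'C:\Shares\',   # hypothetical audited folder
        [int]$MaxEvents = 200
    )
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The interesting fields live only in the EventData XML, so parse it.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

            # Keep file objects under the path of interest; 4663 also fires for
            # registry keys, kernel objects, etc.
            if ($d.ObjectType -ne 'File' -or -not $d.ObjectName) { return }
            if (-not $d.ObjectName.StartsWith($PathPrefix, 'OrdinalIgnoreCase')) { return }

            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
                File      = $d.ObjectName
                Operation = ConvertTo-OperationName ([int]$d.AccessMask)
                Process   = $d.ProcessName
                # 4663 is recorded with the Audit Success keyword; a denied
                # access shows up as an Audit Failure on the handle request
                # (4656), not here, which is one reason the picture is incomplete.
                Result    = if ($_.KeywordsDisplayNames -contains 'Audit Success') { 'Success' } else { 'Failure' }
            }
        }
}

# Usage: run in an elevated PowerShell session on the audited host.
Get-FileActivity | Format-Table -AutoSize
```

Even with this reshaping, a single user action (open, read, close) produces several 4663 records with different access masks, and renames or deletes have to be inferred from related handle and object events, which is exactly the "nothing is nice and easy" problem the post goes on to discuss.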