
Exploring Windows File Activity Monitoring with the Windows Event Log

Hi everyone, I am back to blogging, now as part of the Varonis team. This time exploring Windows file activity monitoring with the Windows Event Log.

One might hope that Microsoft would provide straightforward and coherent file activity events in the Windows event log. The file event log is important for all the usual reasons – compliance, forensics, monitoring privileged users, and detecting ransomware and other malware attacks while they’re happening. A log of file activities seems so simple and easy, right? All that’s needed is a timestamp, username, file name, operation (create, read, modify, rename, delete, etc.), and a result (success or failure).

But this is Microsoft. And they never, ever do anything that’s nice and easy....

More on the Varonis Blog

1 Reply

@shezaf1

Nice Blog!!

~~ Keep Sharing ~~~
