locked
Detecting File Share Changes RRS feed

  • Question

  • Will ATA detect or scan for changes on file shares?  I’m assuming it strictly looks for server, workstation and user traffic

    Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

    Thursday, April 7, 2016 2:27 PM

Answers

  • Hi,

    ATA can only detect attacks/changes/communication via a PortMirror from/to the DC. If you have an share on another server, than ATA will only detect the communication with the DC but no direct communication with the "share" server. If the share in on your DC, ATA will also not detect the filetransfer itself.

    Regards

    • Marked as answer by Dean Gross Friday, April 8, 2016 9:05 AM
    Friday, April 8, 2016 6:06 AM

All replies

  • Hi,

    ATA can only detect attacks/changes/communication via a PortMirror from/to the DC. If you have an share on another server, than ATA will only detect the communication with the DC but no direct communication with the "share" server. If the share in on your DC, ATA will also not detect the filetransfer itself.

    Regards

    • Marked as answer by Dean Gross Friday, April 8, 2016 9:05 AM
    Friday, April 8, 2016 6:06 AM
  • Thanks

    Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

    Friday, April 8, 2016 9:05 AM
  • If you want something that'll monitor changes on files, you'd need another solution such as LogRhythms

    https://logrhythm.com/solutions/security/file-integrity-monitoring/

    Other solutions are out there as well, I'm just aware of that product.

    You also should be able to have ATA feed alerts into this solution to consolidate reporting/monitoring.

    Friday, April 8, 2016 11:09 AM