locked
Detecting File Share Changes RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Will ATA detect or scan for changes on file shares?  I’m assuming it strictly looks for server, workstation and user traffic

    Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

    Thursday, April 7, 2016 2:27 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi,

    ATA can only detect attacks/changes/communication via a PortMirror from/to the DC. If you have an share on another server, than ATA will only detect the communication with the DC but no direct communication with the "share" server. If the share in on your DC, ATA will also not detect the filetransfer itself.

    Regards

    • Marked as answer by Dean Gross Friday, April 8, 2016 9:05 AM
    Friday, April 8, 2016 6:06 AM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi,

    ATA can only detect attacks/changes/communication via a PortMirror from/to the DC. If you have an share on another server, than ATA will only detect the communication with the DC but no direct communication with the "share" server. If the share in on your DC, ATA will also not detect the filetransfer itself.

    Regards

    • Marked as answer by Dean Gross Friday, April 8, 2016 9:05 AM
    Friday, April 8, 2016 6:06 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks

    Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

    Friday, April 8, 2016 9:05 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    If you want something that'll monitor changes on files, you'd need another solution such as LogRhythms

    https://logrhythm.com/solutions/security/file-integrity-monitoring/

    Other solutions are out there as well, I'm just aware of that product.

    You also should be able to have ATA feed alerts into this solution to consolidate reporting/monitoring.

    Friday, April 8, 2016 11:09 AM