
Key Features

Active Auditing - Real time audit features

  1. Custom real-time triggers - define your own policies using many fields (user, path, file, extension, source IP and more) with AND/OR logic to detect any condition in real time and send notifications.
  2. Mass delete - many files deleted by a user within a timed period
  3. Data loss prevention - detect a user reading data from a path, as a percent of the data on the path.
  4. Continuous Search Results - All searches now return 50,000 records during the search, up to a maximum of 1,000,000 records. This allows a user to view results as they are found while the search continues to look for more records. Results are streamed to the report tab, and the CSV can be downloaded during a search to see if any events found are of interest. If the results found during a search are the only results needed, the search can be canceled from running reports or allowed to complete.
  5. Configurable actions:
    1. Alerts (email, syslog, SNMP)
    2. Filesystem snapshot of affected path
    3. User SMB share lockout
  6. WireTap - real time file system audit data decoded
    1. Wiretap a path or a user
    2. Raw audit events decoded to open files and file actions by user.
    3. 2.5.5: new filter option for events (local path or subfolders option). Full-screen mode allows viewing more events. Streams-based processing queues events for display.
  7. Use cases:
    1. Performance of file activity by user or application
    2. Application IO profiling
    3. File locking
    4. Group share activity monitoring
    5. Real time or historical playback of audit data
  8. Where did my folder go? - quickly find renamed folders by users in group shares
    1. Search by user, path and date range
    2. Identify directory renames by user with old path and new path shown to make reverting data a simple process
    3. 2.5.5 adds directory deletes and UI filter to see folder moves or deletes or both.
  9. Robot Audit - Automates event creation and report validation on a scheduled basis to ensure a healthy audit system is maintained. Updated to provide a self-test feature. Recommended for all customers to enable.
  10. Supported Protocol auditing
    1. SMB
    2. NFS
    3. HDFS (only vendor that can support HDFS auditing)

Report Query Builder

  1. GUI search of audit data by cluster, user, path, date range, file action and file type
  2. Save queries for later use or scheduling to run on an interval
  3. Schedule queries to run on an interval and send an email when the query is satisfied.

Report

  1. Pre-built reports for stale user access and excessive permissions
  2. Top users (create and delete file actions) by file count
  3. Top users by quantity of data written  
  4. Scheduled or on demand reports and queries
  5. Reporting
    1. Search by path, user, event type
    2. Analytics reports (top writers by GB, file count create, delete)
    3. Security reports (stale access to data, user share access, login log off reports)
    4. Employee Exit report
  6. 2.5.5 New threat detector AI reports use historical data to automatically build recommended settings for Ransomware Defender detection settings. Simple click and apply to activate AI based recommendations.

Role based Login

  1. Use the built in Auditor role
  2. User is auditor
  3. Default password is 3y3gl4ss
  4. Or create a new role to separate security, auditing and DR roles with AD group based roles customized to your needs with the user roles icon.  See RBAC guide for details.

Scalability

  1. Stores audit data on Isilon
  2. Leverage SnapshotIQ, SyncIQ to protect audit data
  3. Tier audit data with pools
  4. Compresses audit data approximately 10:1
  5. Leverage scale-out NAS with HDFS on Isilon and IP pools to expand disk IO performance
  6. Leverage Eyeglass architecture to scale out compute with 6 and 9 node query clusters for scaling to the largest customer sites.

Availability

  1. NFS audit data ingestion avoids the cost of CEE servers. Events are processed in real time, versus the store-and-forward approach used by CEE.
  2. HDFS + Isilon and Easy Auditor allows billions of rows of audit data to be stored. No aging or pruning is necessary to reduce the size of the audit database, providing lossless audit data storage.

Where to get Professional Services

  1. For assistance with auditing configuration and design, professional services can be quoted by emailing sales@superna.net
  2. Review Audit Service description 
Copyright Superna LLC