IBM QRadar

  • 1.  FAM with Sysmon

    Posted Mon November 19, 2018 05:45 AM
    Does anyone know of, or has anyone already done, FAM (File Access Management) with Sysmon? I have a use case where the customer wants to know if some important files get deleted or moved.

    ------------------------------
    Martin Schmitt
    ------------------------------


  • 2.  RE: FAM with Sysmon

    Posted Wed November 21, 2018 09:21 AM
    You can just use the normal Windows event log with advanced auditing policies and NTFS auditing on the files and folders, and collect them through normal Windows security events. Add some custom properties and a reference set with the files to monitor.

    ------------------------------
    Martijn Groenewegen
    ------------------------------
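As an added example (not code from either post, nor from QRadar), the matching that the custom properties and reference set would do on the QRadar side, run here in Python over constructed Windows Security events: a 4663 on a file in the watch set opened with DELETE access (0x10000) is reported as "deleted" when a 4660 follows for the same handle, and otherwise as "moved_or_renamed". Event IDs 4663/4660, the EventData field names and the DELETE access-mask bit are standard Security log values; the file paths, user name and handle IDs are constructed, and the delete-vs-rename split by presence of 4660 is this example's heuristic.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DELETE = 0x10000  # DELETE bit in the 4663 AccessMask (needed for both delete and rename)


def make_event(event_id, **data):
    """Build a minimal Security event in EVTX XML shape (constructed sample input)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{fields}</EventData></Event>")


def event_data(xml_text):
    """Flatten one event into a dict: EventID plus every EventData/Data field by Name."""
    root = ET.fromstring(xml_text)
    d = {"EventID": root.find("e:System/e:EventID", NS).text}
    for el in root.findall("e:EventData/e:Data", NS):
        d[el.get("Name")] = el.text
    return d


def flag_file_events(events, watched):
    """Return (path, user, action) for watched files opened with DELETE access.

    4663 with DELETE access followed by 4660 on the same HandleId -> "deleted";
    4663 with DELETE access and no matching 4660 -> "moved_or_renamed" (heuristic).
    """
    pending = {}  # HandleId -> (ObjectName, SubjectUserName) awaiting a 4660
    alerts = []
    for ev in (event_data(x) for x in events):
        if ev["EventID"] == "4663" and ev.get("ObjectName") in watched:
            if int(ev["AccessMask"], 16) & DELETE:  # ignore plain reads/writes
                pending[ev["HandleId"]] = (ev["ObjectName"], ev["SubjectUserName"])
        elif ev["EventID"] == "4660" and ev["HandleId"] in pending:
            path, user = pending.pop(ev["HandleId"])
            alerts.append((path, user, "deleted"))
    alerts.extend((path, user, "moved_or_renamed") for path, user in pending.values())
    return alerts


# Constructed watch list (stands in for the QRadar reference set) and sample events.
WATCHED = {r"C:\Finance\payroll.xlsx", r"C:\Finance\ledger.xlsx"}
SAMPLE = [
    make_event(4663, SubjectUserName="jdoe", ObjectName=r"C:\Finance\payroll.xlsx", HandleId="0x1a4", AccessMask="0x10000"),
    make_event(4660, SubjectUserName="jdoe", HandleId="0x1a4"),  # delete completed
    make_event(4663, SubjectUserName="jdoe", ObjectName=r"C:\Finance\ledger.xlsx", HandleId="0x1b0", AccessMask="0x10000"),
    make_event(4663, SubjectUserName="jdoe", ObjectName=r"C:\Finance\ledger.xlsx", HandleId="0x1c8", AccessMask="0x1"),  # read only
    make_event(4663, SubjectUserName="jdoe", ObjectName=r"C:\Temp\scratch.txt", HandleId="0x1d0", AccessMask="0x10000"),  # not watched
]

if __name__ == "__main__":
    for alert in flag_file_events(SAMPLE, WATCHED):
        print(alert)
```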