Log Auditing for SharePoint® with SolarWinds® LEM and LOGbinder SP

•

2 gostaram•1,403 visualizações

For more information on LEM, visit: http://www.solarwinds.com/log-event-manager.aspx Watch this webcast: http://www.solarwinds.com/resources/webcasts/log-auditing-for-sharepoint-with-log-and-event-manager-and-logbinder.html Watch how SolarWinds® and LOGbinder teams combined their effort to integrate the LOGbinder audit data into SolarWinds Log & Event Manager (LEM), and providing not only the required connector, but additional rules, filters, and reports for real-time monitoring and historical analysis of the Share Point auditing data. These rules, filters, and reports will help you make the most of both investments. As more and more sensitive information makes its way into SharePoint the risk of not auditing SharePoint activity grows. If you don’t already feel the pressure to bring SharePoint audit logs into your SIEM / log management process you probably will soon as more regulators and auditors take notice of SharePoint’s explosive growth. SharePoint has a built-in audit logging capability but 6 issues make SharePoint audit log management a technical challenge: 1. SharePoint's audit log does not provide the names of users or object 2. SharePoint's audit log is buried in SharePoint's SQL server content database. 3. SharePoint's audit log has no reporting. 4. Windows SharePoint Services provides no interface for enabling auditing at all. 5. SharePoint's audit log. 6. No way to manage audit policy. Deploy SolarWinds Log & Event Manager (LEM); an award winning log and event correlation software for any size IT network management environment. LEMs node-based pricing is a perfect fit for any tight IT budget while proving all the power and ease of a SIEM solution for operations, compliance (PCI, HIPAA, NCUA, GLBA, NERC-CIP, FISMA, SOX) and security needs. Is your organization using SharePoint? Perhaps you should check SolarWinds LEM out! Download a full-featured, free 30-day trial now: http://www.solarwinds.com/log-event-manager.aspx

Tecnologia

®
Auditing SharePoint Activity
for Compliance and Security

 Made possible by:

© 2012 Monterey Technology Group Inc.

Brought to you by:

LOG & EVENT MANAGER
www.logbinder.com www.solarwinds.com
Randy Franklin Smith Rob Johnson
Creator of LOGbinder Sr. Sales Engineer

© 2012 Monterey Technology Group Inc.

Preview of Key Points

Risks of not auditing SharePoint
Native SharePoint audit foundation
Building on the foundation
®
SolarWinds Log & Event Manager
LOGbinder SP

© 2012 Monterey Technology Group Inc.

Risks of not auditing
SharePoint
Customer information disclosure
Liability, notification costs, loss of good will
Trade secrets and intellectual property
Human resources data
Regulatory penalties and liability
SOX
PCI
HIPAA
GLBA

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
Available in
®
Window Server System (WSS) 3.0
• Not exposed in the interface
SharePoint 2007
SharePoint Foundation
• Not exposed in the interface
SharePoint 2010

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
 Audit policy defined
 Site collection level
 List/Library level
 No way to set global audit policy or automatically audit new site
collections
 What can you audit?
 Changes to audit policy
 Permission changes
 Group membership changes
 View
 Check in/out
 Delete/Update
 Schema changes
 Workflow
 Search

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
Where is the SharePoint audit log?
Stored in the content database
Accessible via Audit Reports under Site Collection
Administration
Can you rely on the native audit log?
Provides an accurate audit trail
But limitations exist

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
Audit records written to internal table within
content database
Inaccessible to log management solutions
®
Consumes SQL/SharePoint storage
Stores audit logs on same system where they are
generated

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
 Rudimentary Excel® reports available
 Audit codes, object ID numbers, user and group ID
numbers not translated

Native SharePoint
audit foundation
No alerting

Audit log purging introduced with SP2010

© 2012 Monterey Technology Group Inc.

Native SharePoint
audit foundation
Limitations in WSS and Foundation
Audit engine present

Auditing only possible through application that
interfaces with SharePoint API

© 2012 Monterey Technology Group Inc.

Building on the foundation

SharePoint

LOG & EVENT MANAGER

Windows
Event Log
Alerts Reports Archive

© 2012 Monterey Technology Group Inc.

Turn data into information
 LOGbinder SP Agent
SharePoint
 Translates SharePoint audit
records into human readable audit LOG & EVENT MANAGER
trail
Windows

 Sends SharePoint audit events to
Event Log
Alerts Reports Archive

the Windows event log
 Purges events after export

© 2012 Monterey Technology Group Inc.

Take action
on the information
 SolarWinds LEM SharePoint
 Built-in support for
LOGbinder SP LOG & EVENT MANAGER

 Secure, long term log Windows

archival Event Log
Alerts Reports Archive

 Alerting
• Recommended default
alerts already implemented
 Reporting
• Recommended reports
already implemented
• Schedule reports
daily, weekly, monthly

© 2012 Monterey Technology Group Inc.

Bottom Line

 SharePoint increasingly
used to store and process Next steps
sensitive information  Download evaluation copy
 Becoming an IT audit and
compliance target  Schedule a demo
 Auditing, alerting, reporting
is a must for any
technology like SharePoint www.logbinder.com/sp
 SharePoint native auditing
is a foundation technology www.solarwinds.com
 SolarWinds LEM with
LOGbinder SP builds on
that foundation to provide
fully managed audit and
security monitoring for
SharePoint

© 2012 Monterey Technology Group Inc.

Mais conteúdo relacionado

Mais de SolarWinds

Government and Education Webinar: Public Sector Cybersecurity Survey - What I...

SolarWinds

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

SolarWinds

Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards

SolarWinds

Government and Education Webinar: Simplify Your Database Performance Manageme...

SolarWinds

During this interactive webinar, our presenter discussed how to leverage major Orion® Platform alert features and use lessons learned and best practices to provide actionable information for events around your organization. Attendees learned about: Using enhanced node status and dependencies Defining thresholds or baselines Categorizing and filtering with custom properties and groups Leveraging advanced alerting features to improve alert detail and reduce noise Ensuring persistent issues generate or escalate alerts and alarms Integrating with chat, ticketing, APIs, and/or SMS and providing detailed poll data Alert actions for network devices, servers, or services on failure

Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...

SolarWinds

During this interactive webinar, our presenter discussed how automation can improve support levels and maximize your resources. He also reviewed how SolarWinds® IT operations management (ITOM) solutions can help with alerts, configuration management, capacity planning, and cyberthreat response and prevention. Attendees learned about: Alerts—leverage intelligent alerting to notify the appropriate staff members and use thresholds to trigger alerts Configuration management—for networks, back up and standardize configs and automate repetitive tasks during upgrades; for systems, establish baselines and get notified of changes Capacity planning—monitor system capacity and get notified when trends indicate shortages will occur; get virtualization recommendations based on data from your environment Threat response—establish conditions for active responses to automatically make changes to deter active cyberthreats

Government and Education Webinar: Leverage Automation to Improve IT Operations

SolarWinds

Government and Education Webinar: Improving Application Performance

SolarWinds

During this interactive webinar, our presenter discussed how to leverage IT tools to improve operations management and support for on-site and remote workers. Attendees learned about: • Improving network monitoring with ipMonitor® and configuration management with Kiwi CatTools® • Centralizing and simplifying log message management across network devices and servers • Monitoring logs with Kiwi Syslog® Server • Utilizing IT service management tools like SolarWinds Web Help Desk® or SolarWinds Service Desk to improve resolution rates and provide self-service • Leveraging Dameware® tools to support users and manage systems remotely

Government and Education: IT Tools to Support Your Hybrid Workforce

SolarWinds

Government and Education Webinar: There's More Than One Way to Monitor SQL Da...

SolarWinds

Attendees spent the day with SolarWinds learning how to get the most out of our network, systems, database, compliance and security products, and IT support tools. We discussed how we responded to the recent security incident, and how we’re moving forward with our Secure by Design approach. Our system engineers dove into the technical details, reviewed new products and features, and demonstrated configuration and integration points. Presentation topics included technical updates on the following: - Network management products and scaling the Orion® Platform - Systems and database monitoring products - Security and compliance products - SolarWinds ITSM and support tools

SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...

SolarWinds

Government and Education Webinar: Zero-Trust Panel Discussion

SolarWinds

View this webinar to learn about the SolarWinds® Orion® Assistance Program (OAP) and how to take advantage of the program. OAP provides upgrade and hotfix assistance to SolarWinds customers under active maintenance who were/are running one of the Orion Platform versions affected by SUNBURST or SUPERNOVA. Learn more details about the program, best practices and advice on lessons learned from Monalytic’s experience supporting over 100 government customers with this program, and how to get support through the program.

Government and Education: Leveraging The SolarWinds Orion Assistance Program ...

SolarWinds

Government and Education Webinar: SQL Server—Advanced Performance Tuning

SolarWinds

In this webinar, we discussed how to recover IP addresses on your network, whether abandoned, static, or reserved. During this interactive webinar, attendees learned about: Gain a more complete view of your network and find abandoned IP addresses Obtain accurate, current information about the IP addresses in use on your network Easily change the address status from “Used” to “Available” Receive alerts when DHCP address pools exceed utilization thresholds

Government and Education Webinar: Recovering IP Addresses on Your Network

SolarWinds

In this webinar, we discussed optimized monitoring with an enterprise-grade host monitor. We also reviewed how to use monitor performance on hybrid systems, optimize host resource usage, leverage templates, and understand the relationships. During this interactive webinar, attendees learned about: Leveraging details about application health to achieve visibility into key performance metrics Using analytics dashboard to compare different types of data side-by-side Monitoring VMs running on a host and make sure resources are allocated properly Leveraging capacity forecast charts and metrics to identify when server resources will reach warning and critical thresholds Using application monitor templates to speed up troubleshooting and focus on what to fix Getting visibility across your systems environment, from applications to servers, virtualized infrastructure, databases, and storage system

Government and Education Webinar: Optimize Performance With Advanced Host Mon...

SolarWinds

In this webinar, we discussed how SolarWinds® solutions can help you overcome remote work IT challenges. During this interactive webinar, attendees learned about: Improve network monitoring, configuration, and VPN management with SolarWinds Network Performance Monitor (NPM) and SolarWinds Network Configuration Manager (NCM) Monitor the server and application performance of your collaboration systems with SolarWinds Server & Application Monitor (SAM) Utilize configuration management to efficiently deploy upgrades and improve compliance with NCM Support users and systems remotely with tools such as SolarWinds Dameware® Remote Support (DRS) and SolarWinds Dameware Remote Everywhere (DRE) Improve IT request management, ticket tracking, and asset management with tools like SolarWinds Web Help Desk® and SolarWinds Service Desk Automate provisioning and permissions management with SolarWinds Access Rights Manager™ (ARM) Locate users and devices on your network with SolarWinds User Device Tracker (UDT)

Government and Education Webinar: Conquering Remote Work IT Challenges

SolarWinds

In this webinar, we discussed how SolarWinds can help you streamline this process across your databases and prioritize issues so you can be a more efficient SQL Server professional. During this interactive webinar, attendees learned: • How to identify missing indexes • What you can to do improve the quality and performance of your indexes • The types of indexes in SQL Server and how they can benefit different types of workloads • Viewing index operations within execution plans

Government and Education Webinar: SQL Server—Indexing for Performance

SolarWinds

In this webinar, we discussed how SolarWinds® solutions for Azure® monitoring provide end-to-end visibility for your applications running on private, public, and hybrid clouds. We also reviewed our Azure Gov Cloud deployment options and best practices. During this interactive webinar, attendees learned about: Rightsizing and optimizing your virtual machines to get them ready for Azure and managing sprawl control with SolarWinds Virtualization Manager (VMAN) Leveraging over 1,200 application, server, and Azure infrastructure monitoring templates with SolarWinds Server & Application Monitor (SAM) Monitoring your Azure Services, Azure App Service, and custom applications using transaction tracing, code profiling, and exception tracking with SolarWinds AppOptics™, a software as a service (SaaS) product Testing end-user experience from inside the organization and outside the firewall with SolarWinds Web Performance Monitor (WPM) Ensuring your databases are performing optimally through cross-platform database performance optimization and tuning with SolarWinds Database Performance Analyzer (DPA) SolarWinds availability on Azure Gov Cloud and how deployment works

Government Webinar: Monitoring Azure and Deploying SolarWinds on Azure Govern...

SolarWinds

In this webinar, we discussed how SolarWinds® infrastructure monitoring tools can help improve your agency’s RMF, NIST FISMA, and DISA STIG compliance. Our presenter discussed how our solutions help manage everything from configurations and access control rights to system and application patching and log management. During this interactive webinar, attendees learned: How SolarWinds Network Configuration Manager (NCM) and SolarWinds Server Configuration Monitor (SCM) support compliance with STIG templates and how NCM also includes out-of-the box FISMA templates How SolarWinds Security Event Manager (SEM) provides log and event processing and notifications and offers active responses to help meet your organization’s security objectives How SolarWinds Access Rights Manager™ (ARM) helps reduce insider threat risks by managing and auditing access rights for systems, data, and files, including Active Directory® support How SolarWinds Patch Manager quickly addresses software vulnerabilities for Microsoft® and third-party applications

Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds

SolarWinds

In this webinar, Adam Rosenbaum, who leads our Federal System Integrator program here at SolarWinds, was joined by Jason Spezzano, Senior Director of Cybersecurity, and Dave Gray, Senior Cybersecurity Analyst, both of CyberDefenses, Inc., for a panel discussion about preparing for CMMC Compliance and what can be done now to get ready. During this interactive webinar, attendees learned from this panel: How to leverage NIST 800-171 compliance reports to track progress or support audits How to use tools like SolarWinds’ solutions to maintain IT hygiene How to leverage configuration and patch management tools to satisfy security controls or help implement and manage controls How to use configuration and log management to verify controls are implemented correctly[SWL1] How to navigate the process of obtaining certification How an assessment, from security services firms like CyberDefenses, can make the process more efficient

Government Webinar: Preparing for CMMC Compliance Roundtable

SolarWinds

Mais de SolarWinds (20)