Help Center

Third-party software Contact us

Access audit profiles

Access audit profiles are the settings based on which events are collected by DataSecurity Plus. This vital configuration determines which access types, users, and shares are audited. The collected data is then displayed in reports.

For more information on the data collection process in File Audit, refer to the architecture.

To give users granular control over audit data collection in their file storage environment, DataSecurity Plus supports two types of access audit profiles:

  • Global audit profiles, which can be applied to all or a combination of configured servers.
  • Server-specific profiles, which are applied individually to specific servers.

These profiles help users ensure that collected event details are not duplicated, which can cause log databases to fill up faster.

Access audit profiles can be viewed and modified only by administrative technician accounts. To view all configured audit policies, follow the steps below:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration.
  • Here, you will see the Global Profiles and Server Specific Profiles tabs.
    • Global Profiles: In this tab, you can view a list of the access audit configurations applied to all or a combination of configured servers.
    • Server Specific Profiles: In this tab, select a server in the Server Name field to view all the access audit configurations specific to that server along with the global audit configurations that have been applied to it.

Creating and editing access audit profiles

A) Global audit profiles

Upon installation, DataSecurity Plus will have one default global audit profile. This, the Default Access Audit Configuration, is a predefined profile based on which event collection and processing will start as soon as a file server is set up in DataSecurity Plus. It collects audit data based on these filters:

User: All

Monitor Object: All

Action: All

It collects details on all file access events performed by all users on all configured shares, local folders, sub-folders, and local files in the configured servers.

File actions audited by the default global audit profile

Create Modify Delete Move
Owner change Overwrite Permission change Rename
SACL change File copied Read deny Restore
Write deny Delete deny File extension change Read
File paste      

Creating global audit profiles

To create a new global audit profile:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration > Global Profiles.
  • Click Add Global Profile in the top-right corner.
  • Enter a suitable profile name and description for the audit profile.
  • Click the + icon next to the Selected Servers field and choose the servers that you wish to apply this profile to.
  • To apply this profile to any new servers that might be added to DataSecurity Plus in the future, check the box next to Apply profile to new servers.
  • Under Criteria, choose the entities to be configured under the Include and Exclude options.
  • Click Save to create a new global audit profile.

Note: Exclude filters will be given precedence over Include filters.

Best practice: Multiple global access audit policies are seldom required. Please note that duplicate audit profile settings will cause audit data to be collected twice, take up unnecessary database space, and be listed multiple times in reports. To eliminate the possibility of an overlap, we strongly recommend contacting DataSecurity Plus' technical experts at support@datasecurityplus.com prior to starting the procedure. Our technicians will assist you with audit profile configuration via a remote support session.

Editing global audit profiles

To edit a global audit profile:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration > Global Profiles.
  • Click the edit icon next to the audit profile you wish to edit.
  • Change the required fields under Include and Exclude to collect or omit file access audit details for those entities.
  • Click Save.

Best practice: For most use cases, there will be no need to edit an audit profile. In fact, it is not recommended unless you are a certified DataSecurity Plus technician. A misconfiguration can potentially lead to a total loss of critical audit data.

To view audit data for a specific file, user, access type, or other criteria, you can instead use filters in the default reports or create a custom report by following the steps in this page.

Server-specific profiles

Creating server-specific profiles

To create a new server-specific profile:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration > Server Specific Profiles.
  • Click the + icon next to the Server Name field and choose the server that you wish to create a profile for. Click Select.
  • Click Add Server Profile in the top-right corner.
  • Enter a suitable profile name and description for the audit profile.
  • Under Criteria, choose the entities to be configured under the Include and Exclude options.
  • Click Save to create a new server-specific audit profile.

Note: Exclude filters will be given precedence over Include filters.

To better understand how you can use the server-specific audit profiles, here is an example for when you don't want to audit all file accesses made by users in a server.

Say two shares are configured in a server and you want to audit all events in share A but only some events in share B. You can create two server-specific audit profiles as shown below:

Audit Profile A:

To audit all file access events in share A, set the filters as:

User Object: All

Action: All

Monitor Object: Share A

Audit Profile B:

To audit only delete, move, and permission change events in share B, set the filters as:

User Object: All

Action: Delete, Move, Permission Change

Monitor Object: Share B

Audit Profile B will ensure that only the specified events are collected by DataSecurity Plus in share B. Other accesses like Read, Modify, Write Deny, and more will not be collected. To ensure that those events are not collected elsewhere and that the included events are not collected multiple times, remove the server from all applicable global audit profiles.

Tip: In case you wish to apply the same audit profile to two or more servers, use the Global Profiles tab and apply the profile to multiple servers. This will save time by eliminating the need for multiple individual server-specific audit profiles.

Editing server-specific audit profiles

To edit a server-specific audit profile:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration > Server Specific Profiles.
  • Select the server for which you want to edit the profile from the corresponding field.
  • Click the Edit icon next to the audit profile you want to edit.
  • Change the required fields under Include and Exclude to collect or omit file access audit details for those entities.
  • Click Save.

Best practice: For most use cases, there will be no need to edit an audit profile. In fact, it is not recommended unless you are a certified DataSecurity Plus technician. A misconfiguration can potentially lead to a total loss of critical audit data.

To view audit data for a specific file, user, access type, or other criteria, you can instead use filters in the default reports or create a custom report by following the steps in this page.

Deleting audit profiles

To delete an audit profile configuration:

  • Select File Audit from the application drop-down.
  • Go to Configuration > General Settings > Audit Configuration.
  • Select the type of profile you wish to delete from the corresponding tabs.
  • If you want to delete a server-specific profile, select that server in the Server Specific Profiles tab. Otherwise, skip this step.
  • From the table, check the box next to the profile you wish to delete.
  • Click the delete icon at the top of the table.
  • Click OK to confirm the action.

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     
  • Request additional resources

    Send us your requirements.