Help Center

File Audit Endpoint Security File Analysis Risk Analysis Release Notes

Setting up File Audit

Dashboard

Reports

Alerts

Incidents

Advanced configurations

Setting up Endpoint Security

Reports

Advanced configurations

Setting up File Analysis

Dashboard

Reports

Incidents

Configuration

Setting up Data Risk Assessment

Dashboard

Reports

Advanced configuration

Quick Start File Audit Endpoint Security Risk Analysis File Analysis About DataSecurity Plus Release notes Contact us

2018

2017

2016

2015

Account Logon » Default Port Configuration

Predefined incidents

The predefined incidents are the list of profiles based on which critical security vulnerabilities are identified and raised as incidents. As soon as a file server is set up, event collection and processing starts, cross-verifying the events generated with the predefined incident configuration.

The below are predefined incidents configured in DataSecurity Plus' File Audit solution:Sensitive Data Deleted

Creates an incident when files containing confidential information are deleted.

Sensitive Data Deleted

Creates an incident when files containing confidential information are deleted.

Ransomware Attack

Detects and responds to potential ransomware attacks using an automated threat response mechanism.

File Access Anomalies

Detects and creates an incident for sudden anomalous file changes or spikes in file access events.

Privilege Anomalies

Analyzes and raises incidents for sudden spikes in permission changes.

Sensitive Data Security

Raises an incident when critical events, such as rename, move, permission change, owner change, SACL change, delete, and modify, occur in files with sensitive data.

Non-Business Files

Identifies and deletes non-business files, including media files.

Learn how to create new incident profiles.

Follow the steps below to modify the predefined incidents:

  • Click the File Audit tab. Go toConfiguration > Settings > Incident Configuration.
  • Choose any server, as the predefined configuration is the same for all servers configured.
  • You can now view the list of predefined incidents.
  • If required, you can choose to modify the predefined incident configuration using the edit options available.
  • Add or modify incident details, including those under the Criteria section.
  • Click Save.
×

Thanks for your interest in DataSecurity Plus' Private Beta!

Please let us know your mail ID so we can send the beta download link.

Thanks! Kindly check your mailbox for the link.
  • Please enter a valid Business Email
    Please enter your Business Email
  • By clicking 'Send me the link', you agree to processing of personal data according to the Privacy Policy.