Windows File System
Cygna Auditor helps you secure your business critical assets such as important files and folders stored on your Windows servers and shared resources.
Cygna Auditor notifies you on both successful and failed actions thus allowing you to identify unusual activity peaks or unauthorized access attempts, and mitigate these risks immediately. The reports shipped with the product are designed to help you prove compliance with various security standards and regulations, including PCI and GDPR.
Start Collecting Data
- On the Cygna Auditor home page, click the Configuration tile and then drill-down to File System / Servers.
-
Click to add servers for auditing. To collect data, Cygna Auditor needs to deploy an auditing service on each server you want to audit. The drivers are non-intrusive and will not affect the server operability.
-
In the dialog that opens, provide administrator credentials. Cygna Auditor will look up for servers and show the list of available servers. Select servers you want to audit and click Install.
Note: On these servers, enable the following inbound firewall rules: Netlogon Service (NP-In), File and Printer Sharing (SMB-In), and File Server Remote Management (SMB-In).
- Cygna Auditor will suggest you add data collection filters.
Check the data collection status in the audited servers list.
Configure Monitoring Filters
Filters help you narrow down the number of events collected and processed by Cygna Auditor. Typically, file system generates thousands of events, mostly read events, processing all of them may have significant impact on your network bandwidth as well as Cygna Auditor server performance. Create filters to audit and process the events you are interested in (such as create, delete, etc.) and skip others.
- Navigate to Configuration / File System / Filters and click .
- Provide a name for a filter and description.
-
Add filtering criteria and define exceptions if necessary. For example:
You'll see all filters in the list. Disable or update filters if necessary.
Note: This step is only required if you use Windows authentication on your SQL Server.
To ensure the agent feeds audit data to your Cygna Auditor database, make sure it has sufficient permissions on your SQL Server instance.
For each file server where the agent runs, do the following: On SQL Server, create a login for each computer account (domain\computeraccount$) and assign it the db_owner and public roles for your Cygna Auditor database.
Continue reading: