The File Auditing feature is a new feature in V5 which allows system/network and security administrators to log file activities that occurs on each managed endpoints.
The File auditing feature works currently on Windows Machines only, although it will be supported on Linux machines as well in the upcoming release so if you have a question about the next release, feel free to email us on sales@sisegy.com and our technical team will respond back to you.
When the agent starts, it looks up all local writable disk drives connected to the local machine and start tracking each drive, currently it tracks file creation/deletion and modification on each drive and report them immediately to the server.
This allows administrators/auditors to track file activities in realtime and track malicious file extensions if they appear on the network as well.
This feature is useful for:
- Auditing malicious file activities by the users.
- Track file deletion by the users.
- Provide Strong audit tracking for important files.
Currently the auditing works only on local drives and doesn’t track file share access.