However, not all logs are created equal. Native logging from Microsoft Active Directory is noisy and difficult to understand – even for QRadar. Additionally, many event log entries generated by Active Directory lack critical details, such as who made a change to a critical object, or where authentications are coming from and going to. The result is a tremendous visibility gap into perhaps the most critical piece of underlying infrastructure within any enterprise: Active Directory.
The preconfigured Stealthbits Active Directory App for QRadar enables organizations to efficiently monitor and prevent Active Directory changes, authentications, and attacks in real time, allowing them to understand activity indicative of account compromise and giving them the ability to block undesired changes and access, all without any reliance on native logging or security controls.
Similarly, native logging from Windows File Servers and Network Attached Storage (NAS) devices, like those offered by NetApp, EMC, and Hitachi, is also noisy and difficult to understand. Additionally, many organizations struggle to even enable or configure logging properly on these systems due to performance concerns and complexity. The result is a tremendous visibility gap into the largest resource any organization has: its data.
The preconfigured Stealthbits File Activity Monitor App for QRadar enables organizations to efficiently monitor file access and permission changes across Windows and NAS file systems in real time, allowing them to understand patterns of activity indicative of threats such as crypto ransomware, all without any reliance on native logging.