File Monitoring and Access Auditing

PA File Sight is a file monitoring software that will help you determine things like:

• When a file or folder was deleted
• Watch for log file modifications, useful for PCI DSS file integrity monitoring (FIM)
• Who deleted or moved files or folders (Active Directory/Domain user name)
• Which computer they read/wrote/deleted the file or folders from (IP address* and computer name)
• Who is reading and writing sensitive files
• When a new file or folder is created, renamed or moved

_{* IP address reporting requires client and server to both be Windows 7 / 2008 R2 or newer}

The Ultra Edition supports saving this data to a database, which then allows for rich reports. Read more about the difference between Ultra and Lite.

File Auditing Features

File Monitoring:

• All files or just a subset
• File and folder creation, deletion, access (reads), changes (writes)
• File and folder permission changes
• Successful actions and well as failures
• Real-time monitoring that does not require enabling system audit events

File Integrity Monitoring (FIM)

• Proves log files are only appended to, and not changed in the middle
• Alert if the an unexpected user or process changes files

Alert Details:

• User account, including domain/Active Directory
• User IP address* and computer name
• Target file and folder
• Activity that was done to the file (read, write, delete, ...)
• Date and time of action

Reporting (Ultra edition only):

• Report on specific users, files or activity (file delete for example)
• Report on specific time range
• Configurable data retention period
• Reports in text, HTML, .CSV or PDF formats

Detect Log File Tampering

PA File Sight can monitor log files. It can alert on writes (changes) to the middle of files, but ignore the expected appends to the end of the log files. This lets you detect log tampering.

Learn more about PA File Sight