Forum Discussion
gregg340
Feb 16, 2021Copper Contributor
Sentinel Playbook - Fileshare monitoring and Data Accessing
Please I need help with a playbook for network fileshare monitoring as well as data access.
Thanks
- gregg340Copper ContributorMonitor fileshare and auditing the fileshare in file server, such as name of file accessed, username, newly added user to the fileshare, fileserver name, and shared file.
- GaryBusheyBronze Contributor
gregg340 That would really depend on which file server you are using.
BTW, in Azure Sentinel speak, a playbook is an automated workflow that runs when an alert is created. You would want a data connector in this case.
I don't see any data connectors for file servers listed but if it can export its logs into either a Syslog or CEF format you can easily obtain the data. Otherwise a custom connector may need to be written to upload the data into Azure Sentinel.
- GaryBusheyBronze ContributorWhat is it you are trying to do?