
gregg340
Copper Contributor
Feb 16, 2021

Sentinel Playbook - Fileshare monitoring and Data Accessing

Please I need help with a playbook for network fileshare monitoring as well as data access.

Thanks

  • gregg340
    Copper Contributor
    Monitoring and auditing the fileshare on the file server, such as name of file accessed, username, newly added user to the fileshare, file server name, and shared file.
    • GaryBushey
      Bronze Contributor

      gregg340 That would really depend on which file server you are using.

      BTW, in Azure Sentinel speak, a playbook is an automated workflow that runs when an alert is created. You would want a data connector in this case.

      I don't see any data connectors for file servers listed, but if it can export its logs in either Syslog or CEF format, you can easily obtain the data. Otherwise a custom connector may need to be written to upload the data into Azure Sentinel.
