Sentinel Playbook - Fileshare monitoring and Data Accessing


Please, I need help with a playbook for network fileshare monitoring as well as data access.

Thanks

3 Replies
What is it you are trying to do?
Monitor the fileshare and audit the fileshare on the file server, such as the name of the file accessed, username, newly added user to the fileshare, fileserver name, and shared file.

@gregg340 That would really depend on which file server you are using.

BTW, in Azure Sentinel speak, a playbook is an automated workflow that runs when an alert is created. You would want a data connector in this case.

I don't see any data connectors for file servers listed, but if it can export its logs into either a Syslog or CEF format you can easily obtain the data. Otherwise a custom connector may need to be written to upload the data into Azure Sentinel.
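
The Syslog/CEF route from the last reply, as an added example that is not part of the original thread: it formats one file-share audit event (file name, user, server, share) as a CEF line inside a syslog message, with the escaping CEF requires. The vendor and product strings, the event dictionary layout and the sample values are constructed assumptions, not output from any particular file server.

```python
from datetime import datetime

def _esc_header(value) -> str:
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value) -> str:
    # CEF extension values: escape backslash and '='; encode line breaks.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def to_cef(event: dict) -> str:
    header = "|".join([
        "CEF:0",
        _esc_header("ExampleVendor"),    # placeholder vendor
        _esc_header("FileServerAudit"),  # placeholder product
        _esc_header("1.0"),              # placeholder product version
        _esc_header(event["event_id"]),
        _esc_header(event["name"]),
        str(int(event.get("severity", 3))),
    ])
    # Standard CEF extension keys for the fields asked about in the thread.
    ext = {
        "dvchost": event["server"],       # file server name
        "suser": event["user"],           # account that touched the file
        "filePath": event["share_path"],  # share / directory
        "fname": event["file"],           # file name
        "act": event["action"],           # read, write, delete, ...
    }
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())
    return f"{header}|{extension}"

def to_syslog(event: dict, when: datetime) -> str:
    # RFC 3164-style framing; PRI 134 = facility local0 (16) * 8 + severity info (6).
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<134>{ts} {event['server']} {to_cef(event)}"

# Constructed sample event; the user and file name exercise the escaping rules.
SAMPLE = {
    "event_id": "FS-ACCESS", "name": "File share access", "severity": 3,
    "server": "fs01.example.test", "user": "CORP\\jdoe",
    "share_path": "\\\\fs01\\finance", "file": "budget=2021|q1.xlsx",
    "action": "read",
}

if __name__ == "__main__":
    print(to_syslog(SAMPLE, datetime(2021, 2, 5, 9, 3, 7)))
```

Unescaped `=` or `\` in a file or user name would otherwise split or corrupt the extension fields when the collector parses the line.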