Hello,
If I'm monitoring a Windows file server, how can I log the user info?
Thank you in advance.
The file_integrity module can report changes to files/dirs but not who made the change. This is because the API used to watch for changes does not include the data.
Windows has a built-in audit capability that you can deploy that reports events to the Security event log. Those events can then be read by Winlogbeat and forwarded to Elasticsearch. See https://docs.microsoft.com/en-us/windows-server/identity/solution-guides/plan-for-file-access-auditing.
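One way to set up the auditing described in the answer above, as an added example that is not part of the original thread: enable the audit policy, put an audit entry on the share folder, then confirm the Security log records who touched each file. The folder path, the audited rights and the English subcategory name are assumptions; event ID 4663 is the Windows object-access event that carries the user fields.

```powershell
# Added example; run in an elevated PowerShell session on the file server.
# Assumption: D:\Shares\Finance is a placeholder for the folder you want audited.
$path = 'D:\Shares\Finance'

# 1. Enable the "File System" audit subcategory (name as shown on English Windows).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit entry (SACL) on the folder: record writes, deletes and permission
#    changes by any user (well-known SID S-1-1-0 = Everyone), inherited by children.
$everyone  = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$outcome   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone, $rights, $inherit, $propagate, $outcome)

$acl = Get-Acl -Path $path -Audit     # -Audit loads the SACL, not just the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 3. Verify: list recent 4663 events with the account that performed the access.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 20 |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object     = $data['ObjectName']
            Process    = $data['ProcessName']
            AccessMask = $data['AccessMask']
        }
    }

# 4. Matching winlogbeat.yml fragment to ship only these events:
#    winlogbeat.event_logs:
#      - name: Security
#        event_id: 4663
```

Auditing only write and delete rights keeps the Security log volume manageable on a busy share; adding read rights produces far more events.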