About audit logs


About audit logs
Prev	Introducing Symantec Data Insight	Next

Symantec Data Insight collects and stores access events from file servers and SharePoint sites. These access events are used to analyze the user activity on various files, folders, and sub-folders for a given time period. The audit logs provide detailed information about:

Users accessing the file or folder
The file type
The access types such as:
- Read
- Write
- Create
- Delete
- Rename
- Security Event - The security event is logged when the access control entries of a file or folder are changed. This event helps to identify who changed the permissions.
The access timestamp
The IP address of the machine that the user has generated the access activity from.

You can use these access events for the following purposes:

Understand who are the most active users of a file or folder in the event of a data leak.
Carry out forensic investigations that help you understand the specific access events on sensitive data. For example, in case of a data leak, the information security team would want to know who accessed a particular file and the most active users of that file.
Provide information about orphan data, that is data owned by users who have left the organization or moved to a different business unit.
Provide information about stale data that is never or rarely accessed.

For the purpose of calculating the access count, Data Insight records a read event when a user opens a file, reads it at least once, and closes it. Similarly, when a user writes to a file between an open and a close event, Data Insight considers it a write event. If there are read and write events, then one event is counted for each read and write.

Prev	Up	Next
About data custodian	Home	About permissions