Symantec Data Insight collects and stores access events from file servers and SharePoint sites. These access events are used to analyze the user activity on various files, folders, and sub-folders for a given time period. The audit logs provide detailed information about:
Users accessing the file or folder
The file type
The access types such as:
The access timestamp
The IP address of the machine that the user has generated the access activity from.
You can use these access events for the following purposes:
Understand who are the most active users of a file or folder in the event of a data leak.
Carry out forensic investigations that help you understand the specific access events on sensitive data. For example, in case of a data leak, the information security team would want to know who accessed a particular file and the most active users of that file.
Provide information about orphan data, that is data owned by users who have left the organization or moved to a different business unit.
Provide information about stale data that is never or rarely accessed.
For the purpose of calculating the access count, Data Insight records a read event when a user opens a file, reads it at least once, and closes it. Similarly, when a user writes to a file between an open and a close event, Data Insight considers it a write event. If there are read and write events, then one event is counted for each read and write.
More Information