Veritas Data Insight collects and stores access events from file servers and SharePoint sites. These access events are used to analyze the user activity on various files, folders, and subfolders for a given time period. The audit logs provide detailed information about:
Users accessing the file or folder
The file type
The access types such as:
The access timestamp
The IP address of the machine that the user has generated the access activity from.
The details of the Permission Change event provide information about the following:
If a trustee (user or group) is allowed or denied permission on a path.
If a trustee's permissions are removed on a path.
If a trustee is given additional permission or denied certain permission on a path. For example, if a user 'X' has Read and Write permissions on a folder. If the user is also subsequently allowed Modify permission on the folder, Data Insight records an Permission Change event.
You can use these access events for the following purposes:
Audit permission changes on a folder.
Understand who are the most active users of a file or folder in the event of a data leak.
Carry out forensic investigations that help you understand the specific access events on sensitive data. For example, in case of a data leak, the information security team would want to know who accessed a particular file and the most active users of that file.
Provide information about orphan data, that is data owned by users who have left the organization or moved to a different business unit.
Provide information about the stale data that is never or rarely accessed.
For the purpose of calculating the access count, Data Insight records a read event when a user opens a file, reads it at least once, and closes it. Similarly, when a user writes to a file between an open and a close event, Data Insight considers it a write event. If there are read and write events, then one event is counted for each read and write.
More Information