ThreatLocker® Storage Control Audit
What is Storage Control Audit?
Whatever the storage device, ThreatLocker® keeps a full audit of every action that users take. We log and store reads, writes, deletes and moves in a simple-to-use, secure cloud portal. By searching the audit, you can see which applications, users and computers are accessing your information. With ThreatLocker® Storage Control you can rest assured that there is a full audit of what's important to your business.
The Record in the audit option gives you the ability to search the audit for items that hit this policy. You may want to create a policy that excludes certain activities, such as an antivirus scan, from being logged in the audit.
How to export audit results?
To export audit results:
1. Search for audit entries;
2. Select the Export Results to CSV button;
3. Enter the CSV name; and
4. Save the file.
All results from the search will be exported, up to a maximum of 20,000 rows. The exported file will contain:
DateTime – The date and time when the policy was hit
FullPath – The full path where the policy was hit
Hostname – The computer which hit the policy
Username – The username which hit the policy
PolicyName – The policy name
OpenedBy – The process which hit the policy
DeviceType – The type of device where the policy was hit (e.g. USB drive, local hard drive, etc.)
ActionType – The action done (e.g. read, delete, move, etc.)
SerialNumber – The serial number of the device
ActionName – Permit or Deny
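The following Python sketch is an added example, not ThreatLocker's own code: it triages an exported CSV using the column names listed above, counting denied actions per user, computer and device serial, and permitted deletes and moves per process. The sample rows are constructed and their value formats (timestamps, DeviceType and ActionType spellings, serial numbers) are assumptions. It also flags an export that reached the 20,000-row maximum, since such a file may not contain every matching entry.

```python
import csv
import io
from collections import Counter

EXPORT_ROW_CAP = 20000  # export maximum stated on this page

# Constructed sample export. Column names are from the list above; the value
# formats (timestamps, device/action spellings, serials) are assumptions.
SAMPLE_CSV = r"""DateTime,FullPath,Hostname,Username,PolicyName,OpenedBy,DeviceType,ActionType,SerialNumber,ActionName
2024-01-05 09:12:01,E:\reports\q4.xlsx,WS-014,CORP\alice,Block USB,C:\Windows\explorer.exe,USB drive,Write,SERIAL-A,Deny
2024-01-05 09:12:09,E:\reports\q4.xlsx,WS-014,CORP\alice,Block USB,C:\Windows\explorer.exe,USB drive,Write,SERIAL-A,Deny
2024-01-05 09:30:44,C:\Data\hr\pay.csv,WS-020,CORP\bob,Default,C:\Tools\sync.exe,Local hard drive,Read,SERIAL-B,Permit
2024-01-05 09:31:02,C:\Data\hr\pay.csv,WS-020,CORP\bob,Default,C:\Tools\sync.exe,Local hard drive,Delete,SERIAL-B,Permit
2024-01-05 10:02:17,F:\backup.zip,WS-031,CORP\carol,Block USB,C:\Windows\explorer.exe,USB drive,Read,SERIAL-C,Deny
"""

def load_rows(text):
    """Parse export text into dicts keyed by the exported column names."""
    return list(csv.DictReader(io.StringIO(text)))

def triage(rows):
    """Summarize denied actions and permitted deletes/moves in an export."""
    denied = Counter()       # (Username, Hostname, SerialNumber) -> count
    destructive = Counter()  # (OpenedBy, ActionType) -> count
    for r in rows:
        action = r["ActionType"].strip().lower()
        if r["ActionName"].strip().lower() == "deny":
            denied[(r["Username"], r["Hostname"], r["SerialNumber"])] += 1
        elif action in ("delete", "move"):
            destructive[(r["OpenedBy"], r["ActionType"])] += 1
    return {
        "denied": denied.most_common(),
        "destructive": destructive.most_common(),
        # At the cap, the search may have matched more rows than were exported.
        "possibly_truncated": len(rows) >= EXPORT_ROW_CAP,
    }

if __name__ == "__main__":
    report = triage(load_rows(SAMPLE_CSV))
    for key, count in report["denied"]:
        print("DENY", count, *key)
    for key, count in report["destructive"]:
        print("PERMITTED", count, *key)
    if report["possibly_truncated"]:
        print("Export hit the row cap; narrow the search and export again.")
```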
How to search for audit trails?
ThreatLocker® lets you search audit records. To perform a search:
1. Select the search textbox;
2. Type any keyword or path; and
3. Press the Enter key or select the Search button.
ThreatLocker® also provides advanced search filters, such as:
Start Date/Time – The date and time to start the search from
End Date/Time – The date and time to end the search at
Full Path – The file path for which audit was created
Process – The application that opened the file, or that the file was opened with
Username – The username which acted on the file
Computer Name – The computer where the audit was done for the file
Policy Name – The policy type (e.g. Permit or Deny)
Action – The action type (e.g. Any, Read, Write, Delete, Move)