ThreatLocker® Storage Control Audit
What is Storage Control Audit?
No matter what the storage device, ThreatLocker® keeps a full audit of every action that users take. We log and store reads, writes, deletes and moves in a simple-to-use, secure cloud portal. By searching the audit, you can see which applications, users and computers are accessing your information. With ThreatLocker® Storage Control you can rest assured that there is a full audit of what's important to your business.
Record in the audit gives you the ability to search the audit for items that hit this policy. You may want to create a policy that excludes certain activities, such as an antivirus scan, from being logged in the audit.
How to export audit results?
To export audit results:
- Search for audit entries;
- Select the Export Results to CSV button;
- Enter the CSV name; and
- Save the file.
All results from the search will be exported, up to a maximum of 20,000 rows. The exported file will contain:
- DateTime – The date and time when the policy was hit
- FullPath – The full path where the policy was hit
- Hostname – The computer which hit the policy
- Username – The username which hit the policy
- PolicyName – The policy name
- OpenedBy – The process which hit the policy
- DeviceType – The type of device where the policy was hit (e.g. USB drive, local hard drive, etc.)
- ActionType – The action done (e.g. read, delete, move, etc.)
- SerialNumber – The serial number of the device
- ActionName – Permit or Deny
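As an added example (not ThreatLocker® code), the following script triages an exported file using the columns listed above: it flags an export that reached the 20,000-row limit, counts Deny rows per user and computer, lists Delete actions, and reports device serial numbers seen on more than one computer. It assumes the CSV has a header row with these column names; the sample rows, cell values and DateTime format are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

MAX_EXPORT_ROWS = 20_000  # export limit stated above
COLUMNS = {"DateTime", "FullPath", "Hostname", "Username", "PolicyName",
           "OpenedBy", "DeviceType", "ActionType", "SerialNumber", "ActionName"}

# Constructed sample export. Cell values and the DateTime format are assumptions.
SAMPLE_CSV = r"""DateTime,FullPath,Hostname,Username,PolicyName,OpenedBy,DeviceType,ActionType,SerialNumber,ActionName
2024-01-05 09:12:01,E:\payroll.xlsx,WS-01,alice,Block USB,explorer.exe,USB drive,Write,SN-A1,Deny
2024-01-05 09:12:07,E:\payroll.xlsx,WS-01,alice,Block USB,explorer.exe,USB drive,Write,SN-A1,Deny
2024-01-05 10:40:33,E:\notes.txt,WS-02,bob,Allow USB read,notepad.exe,USB drive,Read,SN-A1,Permit
2024-01-05 11:02:10,C:\data\q4.docx,WS-02,bob,Local disk,winword.exe,Local hard drive,Delete,,Permit
"""

def summarize(csv_text):
    """Summarize an exported Storage Control audit CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"not an audit export, missing columns: {sorted(missing)}")
    denied = Counter()               # (Username, Hostname) -> number of Deny rows
    serial_hosts = defaultdict(set)  # SerialNumber -> hostnames it appeared on
    deletes = []                     # (Username, FullPath, OpenedBy) per Delete row
    total = 0
    for row in reader:
        total += 1
        if row["ActionName"].strip().lower() == "deny":
            denied[(row["Username"], row["Hostname"])] += 1
        if row["ActionType"].strip().lower() == "delete":
            deletes.append((row["Username"], row["FullPath"], row["OpenedBy"]))
        if row["SerialNumber"].strip():
            serial_hosts[row["SerialNumber"].strip()].add(row["Hostname"])
    return {
        "rows": total,
        # At the limit, the search probably matched more rows than were exported.
        "possibly_truncated": total >= MAX_EXPORT_ROWS,
        "denied": dict(denied),
        "shared_devices": {s: sorted(h) for s, h in serial_hosts.items() if len(h) > 1},
        "deletes": deletes,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

When possibly_truncated is true, narrow the search (for example by date range) and export again so that no rows are silently left out of the review.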
How to search for audit trails?
ThreatLocker® offers the possibility to search for audit records. To perform a search:
- Select the search textbox;
- Type any keyword or path; and
- Press the Enter key on the keyboard or select the Search button.
ThreatLocker® also provides advanced search filters, such as:
- Start Date/Time – The date and time to start the search from
- End Date/Time – The date and time to end the search at
- Full Path – The file path for which audit was created
- Process – The application that opened the file, or that the file was opened with
- Username – The username which acted on the file
- Computer Name – The computer where the audit was done for the file
- Policy Name – The policy type (e.g. Permit or Deny)
- Action – The action type (e.g. Any, Read, Write, Delete, Move)