Hi, I'm Shawn Barker, product manager at Dell Software. And I'm going to demonstrate how Dell Change Auditor can audit file activity from your NetApp file servers. Event logging and change reporting from file servers is cumbersome and time consuming using native tools. Both because of the volume of data involved, and the fact that there's no centralized console available to monitor this activity across your environment. Change Auditor provides a centralized console where you can view your NetApp and other file server activity from one spot. So only activity from your most sensitive files and folders are audited.
So I'm going to start by grouping by event, and this will give me a quick breakdown of the types of activity that's occurring across my NetApp file servers. So for example, I can see where files, contents have been written, created, deleted, files opened, or accessed, renamed, as well as folder activity as well. So if I drill into a specific audit event here, in this case, a file that was renamed, Change Auditor gives me all the important information in one simple readable event. So for example, I can see from this event who made the change-- in this case, it was [? Lance ?] [? Strewn-- ?] the actual physical server where the change was made, what was changed to the actual file itself, when it was changed, and the origins. So this Is actually the workstation or IP address where the change was made from.
And for every event, Change Auditor gives me a before and an after value, so I can very easily troubleshoot problems. What's also very powerful about Change Auditor is from this view, I can do a related search and look at all the activity that's related to this user, just with the click of a button. So from this view, I can see all the other activity that [? Lance Strewn ?], this user, was up to recently, not just across NetApp, but also across directory and other file system. For example, I can see that this user was recently added to a local group on this server.
Change Auditor also makes this audit information available through a web browser. So I can get access to it from anywhere, including from mobile devices. I'm going to run the same report here of recent NetApp activity. And using the timeline function, I can quickly plot all of these events on an interactive timeline. And from this timeline, I see a quick summary of all the recent events have happened, and I can drill quickly into events that are of interest to me. And from the details here, if I click the link to the audit, it will take me back to the original report and I can see all the same audit details.
Keeping on top of access to our critical files and folders is going to be very important to both internal auditing groups or if you're subject to external regulations. So with Change Auditor I can take any search and quickly turn it into a real time alert or a scheduled report. So first, I'll set up a schedule a report for my auditors that reports on all permission changes to files. So first, I define the parameters of the search. I can define who is making the change, what's being changed, where it's being changed, or when. And then I can schedule the report.
So in this case, I want to track all permission changes that are happening. So I'm only going to add the NetApp events that relate to file and folder permissions changing. I'm mostly only concerned with a very important server that houses our financial data. So I'm going to add that to the where. And finally, I want to schedule this as a report that goes to our auditors on a weekly basis. And secondly, I want to create a real time alert when users access sensitive financial data.
So in this case, I want to narrow down the scope of the alert to a sensitive folder that contains credit card data. So I'll select the appropriate folder, I'm going to choose that-- to audit that folder and all the child objects. I'm going to audit all types of actions, so whether the file is opened, changed, moved, or deleted. And then, I'll set this up as a real time email alert, so it's sent to my security group if it's ever triggered. And I can receive these alerts by email, but also on my mobile device. And as an auditor, I'll see the regular report delivered to me by email every week, and as a security administrator I can receive real time alerts when the sensitive files that I configured earlier are being accessed.
05:04
