Use-case 29: How To Alert Recurring File Deletion In Your Active DIrectory
This one is a quickie...
There are file server which contain organizational level resources and a few users have access to it. Creation, modification and deletion of files and folders is just a day to day chore. But, let's presume a rogue employee who has access to the server, is on file deletion spree. How would you assess the threat and douse it? Would you need a solution that dynamically monitors the allowable limits of deletion and alert once it exceeds?
Here's how ADAudit Plus does it.
Step 1: Kindly go to File Audit --> Configuration --> File Audit Report Profiles --> New Report Profile.
Step 2: Kindly provide a name on Report Profile Name and Description.
The Category would be File Audit and Actions are File Deleted 2012, File Deleted 2k3 and File Deleted 2k8.
Choose the Domain. Click on Add Shares to add the servers, shares, etc. and Save.
Step 3: Kindly go to Alerts --> New Alert Profile. Provide a Name, Description and Severity.
Choose the Category and Report Profile.
You can customize a message to be sent by email on Alert Message.
Under Advanced Configuration, choose Threshold Based Alerts to provide the maximum permissible file deletions allowed within a certain time period before an alert is triggered.
Then choose E-mail Notification --> specify the email address --> subject, format(text or HTML) and email content --> Click on Save.