Ga naar hoofdinhoud

Shared Folders Event Monitor Reference Guide

notitie

Overview

The Shared Folders Event Monitor checks your network devices for shared folders. It provides valuable alerts regarding the number of readable and writable shares and can detect changes in the list of shares. Monitoring shared folders is crucial for security as they can pose risks if not properly managed. Often, shared folders are set up temporarily to facilitate data transfer and forgotten, posing potential security risks.

info

Use Cases

  • Identifying inadvertently shared folders.
  • Monitoring folders with write permissions to ensure data integrity.
  • Ensuring that known shared folders are consistently available for use.

Monitoring Options

Alert Conditions

  • Alert with [Info/Warning/Error/Critical] if readable shares are found: Monitors for shared folders that can be accessed and read.
  • Alert with [Info/Warning/Error/Critical] if writable shares are found: Checks if the monitor can write data to shared folders, confirming write permissions.
  • Alert with [Info/Warning/Error/Critical] if the list of shares has changed since the last check: Alerts when any modifications to the list of shares are detected compared to the last monitoring session.
  • Alert if more than a specified number of shares are found: Set thresholds for the total number of detectable shares.

Filtering Options

  • Ignore administrative shares (ipc$, c$, d$, etc): Excludes default administrative shares from monitoring to focus on user-created shares.
  • Ignore hidden shares (any share ending with $): Skips shares that are hidden but accessible to those with knowledge and permissions.
  • Ignore the following shares [list of shares]: Allows specification of specific shares to exclude from monitoring, enhancing focus on relevant shares.

Authentication and Security

  • The account used for authentication must have permissions to access the file shares, ensuring that monitoring is both thorough and compliant with security protocols.

Protocols

Data Points

  • This event monitor generates the following data points:
Data PointDescription
Average RateThe average bandwidth rate.
Minimum Download RateThe average minimum download rate.

Sample Output

Sample Output