What Can SharePoint Auditing Provide?
SharePoint is the dominant platform for documents and other unstructured data. Companies’ most scrutinized business processes and documentation are often facilitated by SharePoint, since it hosts unstructured data for distributed collaboration and acts as a repository of this data.
As more and more information and processes move to SharePoint, it becomes critical
for compliance and security requirements to monitor and audit SharePoint activity.
Beginning with SharePoint 2007, Microsoft added a true audit capability to SharePoint that is flexible and designed to satisfy compliance requirements for audit logging. You can track:
- viewing of documents and lists
- document check-in and check-out
- as well as updates to list items and documents
- permission changes and role updates
- group membership changes and changes to the audit policy
LOGbinder SP Bridges the Gap Between SharePoint and Your SIEM
LOGbinder SP solves 6 key issues with SharePoint's internal audit log:
- SharePoint's audit log does not provide the
names of users or objects. The SharePoint audit log fails to translate
record IDs, meaning you have no idea what object or user to which a given event
Click here for
of an audit event from SharePoint before being processed by LOGbinder SP.
- SharePoint's audit log is buried in SharePoint's
SQL server content database. To ensure the integrity of audit trails, logs must
be moved from the system where they are generated to a separate and secure archive.
However in SharePoint, the audit log isn't really a log - it's a table in
the SharePoint database. This makes it inaccessible for most log management
solutions. Without the ability to collect the SharePoint audit log into a
separate, secure log archive, its value as a high integrity audit trail is compromised.
- SharePoint's audit log has no reporting.
In Windows SharePoint Services the log is totally inaccessible, and in Office SharePoint
Services it's exposed through a few rudimentary, impractical reports in Excel.
- Windows SharePoint Services provides no interface
for enabling auditing at all. The audit log is there, but without custom
programming there's no way to turn it on, much less access the logs.
- SharePoint's audit log built-in trimming feature
can delete audit events before they are exported. Some editions of SharePoint
provide automatic log trimming of old events but there is no way to ensure events
have been archived first.
- No way to manage audit policy
In a SharePoint farm, each site collection has its own audit policy. Administrators have
no way to enforce consistent audit policy across all site collections. When a new site
collection is created, Administrators must remember to access the Site Collection's audit
settings page and enable auditing or the site will be unmonitored. This is especially
troublesome for farms with self-service site collection enabled because new sites can
be created directly by users without Administrator involvement.
LOGbinder SP solves all 6 of these problems and writes SharePoint audit events to
the Windows event log or Syslog where your log management / SIEM solution can take over with
archival, alerting and reporting.