LOGbinder SP

Latest Tips and News
On the Web
Videos
Documents

What Can SharePoint Auditing Provide?

SharePoint is the dominant platform for documents and other unstructured data. Companies’ most scrutinized business processes and documentation are often facilitated by SharePoint, since it hosts unstructured data for distributed collaboration and acts as a repository of this data.

As more and more information and processes move to SharePoint, it becomes critical for compliance and security requirements to monitor and audit SharePoint activity. 

Beginning with SharePoint 2007, Microsoft added a true audit capability to SharePoint that is flexible and designed to satisfy compliance requirements for audit logging. You can track:

  • viewing of documents and lists
  • document check-in and check-out
  • as well as updates to list items and documents
  • permission changes and role updates
  • group membership changes and changes to the audit policy

LOGbinder SP Bridges the Gap Between SharePoint and Your SIEM

LOGbinder SP solves 6 key issues with SharePoint's internal audit log:

  1. SharePoint's audit log does not provide the names of users or objects.  The SharePoint audit log fails to translate record IDs, meaning you have no idea what object or user to which a given event refers!  Click here for an example  of an audit event from SharePoint before being processed by LOGbinder SP.
  2. SharePoint's audit log is buried in SharePoint's SQL server content database. To ensure the integrity of audit trails, logs must be moved from the system where they are generated to a separate and secure archive.  However in SharePoint, the audit log isn't really a log - it's a table in the SharePoint database.  This makes it inaccessible for most log management solutions.  Without the ability to collect the SharePoint audit log into a separate, secure log archive, its value as a high integrity audit trail is compromised.
  3. SharePoint's audit log has no reporting.  In Windows SharePoint Services the log is totally inaccessible, and in Office SharePoint Services it's exposed through a few rudimentary, impractical reports in Excel.
  4. Windows SharePoint Services provides no interface for enabling auditing at all.  The audit log is there, but without custom programming there's no way to turn it on, much less access the logs. 
  5. SharePoint's audit log built-in trimming feature can delete audit events before they are exported. Some editions of SharePoint provide automatic log trimming of old events but there is no way to ensure events have been archived first.
  6. No way to manage audit policy In a SharePoint farm, each site collection has its own audit policy. Administrators have no way to enforce consistent audit policy across all site collections. When a new site collection is created, Administrators must remember to access the Site Collection's audit settings page and enable auditing or the site will be unmonitored. This is especially troublesome for farms with self-service site collection enabled because new sites can be created directly by users without Administrator involvement.

LOGbinder SP solves all 6 of these problems and writes SharePoint audit events to the Windows event log or Syslog where your log management / SIEM solution can take over with archival, alerting and reporting.

Next: