File system monitoring and auditing via monitor system having user-configured policies
First Claim
1. A method for centralized monitoring of plural file systems operating in association with an enterprise computing environment, comprising:
- providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored at the file system;
receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system in accordance with the security policy; and
storing the audit trail data received from the plural file systems; and
applying the security policy audit trail data received from at least one of the plural file systems and, in response thereto, taking a given action.
1 Assignment
0 Petitions
Accused Products
Abstract
Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.
-
Citations
23 Claims
-
1. A method for centralized monitoring of plural file systems operating in association with an enterprise computing environment, comprising:
-
providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored at the file system; receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system in accordance with the security policy; and storing the audit trail data received from the plural file systems; and applying the security policy audit trail data received from at least one of the plural file systems and, in response thereto, taking a given action. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
a processor; computer memory holding computer program instructions for centralized monitoring of plural file systems operating in association with an enterprise computing environment, the computer program instructions comprising; program code operative to provide each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored at the file system; program code operative to receive from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system in accordance with the security policy; and program code operative to store the audit trail data received from the plural file systems; and program code operative to apply the security policy audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product comprising computer program instructions on non-transitory computer-readable media, the computer program instructions executed by a processor to provide centralized monitoring of plural file systems operating in association with an enterprise computing environment, the computer program instructions comprising:
-
program code operative to provide each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored at the file system; program code operative to receive from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system in accordance with the security policy; and program code operative to store the audit trail data received from the plural file systems; and program code operative to apply the security policy audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A computer program product comprising computer program instructions on non-transitory computer-readable media, the computer program instructions executed by a processor in association with a file system in an enterprise computing environment, the computer program instructions comprising:
-
program code operative to receive from a central, remote security monitoring system a security policy, the security policy defining one or more file system access activities to be monitored at the file system; program code operative to generate audit trail data based on file system access activity intercepted at the file system in accordance with the security policy; and program code operative to transmit the audit trail data to the remote security monitoring system, the audit trail data being received at the central, remote security monitoring system where it is applied against the security policy to determine whether a given action should be taken at the file system. - View Dependent Claims (23)
-
Specification