Systems and methods for monitoring messaging systems
First Claim
1. A method for auditing messaging activity in an exchange server electronic messaging system, the method comprising:
- adding a hook executing in one or more computer processors to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and
when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, issuing an alert when an identity of the user is not the same as an identity of an owner of the mailbox, the alert reporting at least one of information on the particular mailbox accessed, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.
24 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for monitoring and/or auditing of events in an electronic messaging environment, such as Microsoft® Exchange, are described. One or more monitoring components are installed on messaging system servers to collect, in real-time, information on messaging system events. Certain embodiments are configured to audit and/or provide alerts regarding non-owner activity, such as when a user or administrator has gained access to another user'"'"'s mailbox. Alerts can advantageously facilitate prompt corrective action by delivering detailed information about the access activity, such as which email message or folder was accessed, when the access occurred, from what location (e.g., IP address) when the access was initiated, and the type of access, as well as permission changes made to the mailbox or folders. The monitoring systems can also be configured to audit changes to client permissions for folders and delegate assignment and/or changes to configuration objects of the messaging system.
98 Citations
20 Claims
-
1. A method for auditing messaging activity in an exchange server electronic messaging system, the method comprising:
-
adding a hook executing in one or more computer processors to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, issuing an alert when an identity of the user is not the same as an identity of an owner of the mailbox, the alert reporting at least one of information on the particular mailbox accessed, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for auditing user activity in an exchange server electronic messaging environment, the system comprising:
-
computer hardware including at least one computer processor; and a plurality of components stored in computer-readable storage and comprising computer-readable instructions that, when executed by the at least one computer processor, cause the computer hardware to perform operations defined by the computer-readable instructions, the components including; a hook added to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and a user interface component configured to automatically generate an alert in response to an identity of the user not being the same as an identity of an owner of the mailbox when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, the alert reporting at least one of information identifying the accessed mailbox, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for auditing activity in an exchange server electronic messaging service, the system comprising:
-
computer hardware including at least one computer processor; and a plurality of components stored in computer-readable storage and comprising computer-readable instructions that, when executed by the at least one computer processor, cause the computer hardware to perform operations defined by the computer-readable instructions, the components including; means for adding a hook to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox and to obtain data associated with the request; and means for issuing an alert in response to an identity of the user not being the same as an identity of an owner of the mailbox when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, the alert reporting at least one of information identifying the accessed mailbox, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.
-
Specification