LOGbinder SP
Version: LOGbinder SP version 2 and later.
LOGbinder SP translates cryptic SharePoint audit data into easy-to-understand messages and sends them to your Netsurion. LOGbinder SP does not require an agent to be installed on your SharePoint servers, nor does it make intrusive changes to your SharePoint environment. It simply bridge the gap by bringing application security intelligence on SharePoint to your security operations center. LOGbinder SP is a small, efficient Windows service that runs on any Windows server that is a member of your SharePoint farm. This can be an existing SharePoint server or a dedicated server – even a VM. It just needs to be a member of the farm so that LOGbinder can interface with the SharePoint API.
Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth. It is designed to address an ever-changing landscape of threats and challenges, with a full suite of high-performance tools for security, compliance, and operations. Netsurion Open XDR delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | LOGbinder – Setting changed | This alert is generated when any setting is changed. |
| Security | LOGbinder – Possible audit trail tampering | This alert is generated when LOGbinder detects an audit trail tampering. |
| Security | LOGbinder – SharePoint audit logs deleted | This alert is generated when SharePoint audit logs are deleted. |
| Security | LOGbinder – SharePoint audit policy change | This alert is generated when SharePoint audit policy change occurs. |
| Security | LOGbinder – SharePoint site collection administrator added | This alert is generated when SharePoint site collection administrator added. |
| Security | LOGbinder – SharePoint site collection administrator removed | This alert is generated when SharePoint site collection administrator removed. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | LOGbinder – Error | This category based report provides information related to error events logged by LOGbinder SP application. |
| Security | LOGbinder – Setting changed | This category based report provides information about when any configuration setting changes done to LOGbinder SP. |
| Security | LOGbinder – Warning | This category based report provides information about warning events logged by LOGbinder SP application. |
| Security | LOGbinder – Noise events | This category based report provides information related to SharePoint “noise” events. |
| Security | LOGbinder – SharePoint access control change | This category based report provides information related to any access control changes made in SharePoint site. |
| Security | LOGbinder – SharePoint audit log deleted | This category based report provides information about deleted SharePoint audit logs. |
| Security | LOGbinder – SharePoint audit policy changed | This category based report provides information about any changes made to SharePoint audit policy changed. |
| Security | LOGbinder – SharePoint container object update | This category based report provides information related to container object updates in SharePoint site. |
| Security | LOGbinder – SharePoint document update | This category based report provides information related to any document checked in, checked out, Updated and deleted in SharePoint site. |
| Security | LOGbinder – SharePoint Import-Export | This category based report provides information related to object export and import activities in SharePoint. |
| Security | LOGbinder – SharePoint Information management policy changes | This category based report provides information related to any changes done in SharePoint Information management policy. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and LOGbinder SP.
Download Integration Guide for configuration instructions and more information.