Microsoft Windows DFS

Version: Microsoft Windows Server®2003 and later.

Distributed File System (DFS) is a set of client and server services that allow an organization, using Microsoft Windows servers, to organize many distributed SMB file shares into a distributed file system. Distributed File System is implemented as a role service of the File Services role. Distributed File System consists of two role services: • DFS Namespaces • DFS Replication

Netsurion Open XDR gathers and examines acquired logs to identify the users who accessed DFS folders, audit settings changed on object (Files and Folders).

Netsurion Data Source Integration for Microsoft Windows DFS allows you to monitor following:-

  • Operations – Microsoft Windows DFS user logon success, DFS namespace activity and DFS replication activity.
  • Security – Microsoft Windows DFS network share object accessed and DFS client desired access.
  • Compliance – Microsoft Windows DFS auditing setting changed.

Once Microsoft Windows DFS is configured to deliver events to Netsurion Open XDR Manager; Alerts, Dashboards and Reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Operations Microsoft Windows DFS – Namespace active directory issues This alert is generated when DFS server fails to contact domain controller, active directory and unable to access private data from active directory.
Operations Microsoft Windows DFS – Replication stopped This alert is generated when DFS replication service stops replication on the replicated folder.

Reports

Type Name Description
Security Microsoft Windows DFS – Network share object accessed This report provides information related to network share object accessed which includes columns such as Account Name, Account Domain, Object Type, Source Address, Source Port, Share Name , Share Path and Accesses.
Security Microsoft Windows DFS – Client desired access This report provides information related to client desired access which includes columns such as Account Name, Account Domain, Object Type, Source Address, Source Port, Share Name, Share Path, Relative Target Name, Access Request Information and Access Check Results whether desired access is granted or not granted.
Operations Microsoft Windows DFS – User login This report provides information related to DFS logon which includes columns such as Account Name, Account Domain, Logon Type, Source Address, Source Port and Workstation Name.
Operations Microsoft Windows DFS – Namespace activity This report provides information related to namespace activity which includes shared folder details located at DFSRoots.
Operations Microsoft Windows DFS – Replication activity This report provides information related replication activity which includes replicated folder root , file path, replicated folder name and replicated group name.
Compliance Microsoft Windows DFS – Auditing setting changed This report provides information related to auditing setting changed which includes columns such as Account Name, Account Domain, Object Server, Object Type, Object Path and New Security Descriptor.

Documentation:

The configuration details are consistent with Netsurion Open XDR 7.x and later, Microsoft Windows 2003 and later.

Download Integration Guide for configuration instructions and more information.