Varonis

Version: Varonis 6.3.190 and above

Varonis is a Data Security Platform that detects insider threats and cyberattacks by analyzing data, account activity and user behavior. It prevents and limits disaster by locking sensitive and stale data, and efficiently sustains a secure state with automation.

Varonis integrates with Netsurion Open XDR to provide security analytics with deep data context, so that organizations can be confident in their data security strategy. Benefits include scheduled reports, integrated Varonis dashboards and alerts for streamlined investigation.

Reports contain a detailed summary of events associated with Exchange Server activity, CIFS and NFS activity, SharePoint activity, and Active Directory activity.

Alerts are triggered as soon as critical events are received by Netsurion Open XDR for Varonis, such as user lockout.

Dashboards are a graphical representation of all the activities happening in Varonis. These include event categories shown by cumulative log count, by percentage, or by timeline.

These attributes or configurations of Netsurion Open XDR allow administrators to quickly take appropriate action against any threats or adversaries trying to jeopardize an organization’s normal operation.

Once Varonis is configured to deliver events to Netsurion Open XDR, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Varonis – A user has been locked out | This alert is triggered as soon as EventTracker receives an event when any user is locked out. |
| Operations | Varonis – AD domain service and user status activities | This report outlines a detailed overview of events related to Active Directory activities, such as creation and deletion of all objects, lock/unlock accounts, etc. This will include event datetime, action taken, affected object name, etc. |
| Operations | Varonis – File permissions activities | This report outlines a detailed overview of events related to file system events, such as file set permissions, file modify, file create, etc. This will include event datetime, action taken, file permission change, file/server domain, etc. |
| Operations | Varonis – Exchange mailbox and folder activities | This report outlines a detailed summary of events related to Exchange Server activities, such as change folder permissions, create message, message received, etc. This will include event datetime, action taken, affected object name, rule name, etc. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2 or later, and Varonis.

Download the Integration Guide and How-to Guide for configuration instructions and more information.