LOGbinder SP

Version: LOGbinder SP version 2 and later.

LOGbinder SP translates cryptic SharePoint audit data into easy-to-understand messages and sends them to your Netsurion. LOGbinder SP does not require an agent to be installed on your SharePoint servers, nor does it make intrusive changes to your SharePoint environment. It simply bridge the gap by bringing application security intelligence on SharePoint to your security operations center. LOGbinder SP is a small, efficient Windows service that runs on any Windows server that is a member of your SharePoint farm. This can be an existing SharePoint server or a dedicated server – even a VM. It just needs to be a member of the farm so that LOGbinder can interface with the SharePoint API.

Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth. It is designed to address an ever-changing landscape of threats and challenges, with a full suite of high-performance tools for security, compliance, and operations. Netsurion Open XDR delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security LOGbinder – Setting changed This alert is generated when any setting is changed.
Security LOGbinder – Possible audit trail tampering This alert is generated when LOGbinder detects an audit trail tampering.
Security LOGbinder – SharePoint audit logs deleted This alert is generated when SharePoint audit logs are deleted.
Security LOGbinder – SharePoint audit policy change This alert is generated when SharePoint audit policy change occurs.
Security LOGbinder – SharePoint site collection administrator added This alert is generated when SharePoint site collection administrator added.
Security LOGbinder – SharePoint site collection administrator removed This alert is generated when SharePoint site collection administrator removed.

Reports

Type Name Description
Security LOGbinder – Error This category based report provides information related to error events logged by LOGbinder SP application.
Security LOGbinder – Setting changed This category based report provides information about when any configuration setting changes done to LOGbinder SP.
Security LOGbinder – Warning This category based report provides information about warning events logged by LOGbinder SP application.
Security LOGbinder – Noise events This category based report provides information related to SharePoint “noise” events.
Security LOGbinder – SharePoint access control change This category based report provides information related to any access control changes made in SharePoint site.
Security LOGbinder – SharePoint audit log deleted This category based report provides information about deleted SharePoint audit logs.
Security LOGbinder – SharePoint audit policy changed This category based report provides information about any changes made to SharePoint audit policy changed.
Security LOGbinder – SharePoint container object update This category based report provides information related to container object updates in SharePoint site.
Security LOGbinder – SharePoint document update This category based report provides information related to any document checked in, checked out, Updated and deleted in SharePoint site.
Security LOGbinder – SharePoint Import-Export This category based report provides information related to object export and import activities in SharePoint.
Security LOGbinder – SharePoint Information management policy changes This category based report provides information related to any changes done in SharePoint Information management policy.

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x and later, and LOGbinder SP.

Download Integration Guide for configuration instructions and more information.