LOGbinder SP

Applies To: LOGbinder SP version 2 and later.

Overview

LOGbinder SP translates cryptic SharePoint audit data into easy-to-understand messages and sends them to your EventTracker. LOGbinder SP does not require an agent to be installed on your SharePoint servers, nor does it make intrusive changes to your SharePoint environment. It simply bridge the gap by bringing application security intelligence on SharePoint to your security operations center. LOGbinder SP is a small, efficient Windows service that runs on any Windows server that is a member of your SharePoint farm. This can be an existing SharePoint server or a dedicated server – even a VM. It just needs to be a member of the farm so that LOGbinder can interface with the SharePoint API.

EventTracker is an enterprise-class platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth. It is designed to address an ever-changing landscape of threats and challenges, with a full suite of high-performance tools for security, compliance, and operations. EventTracker delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment.

LOGbinder SP Logging

EventTracker Knowledge Pack for LOGbinderSQL allows you to monitor following:-

• Monitoring uptime status of SharePoint Server
• Monitoring Disk and Memory Problem on SharePoint Server
• Monitoring Microsoft Office SharePoint Server services
• Monitoring Microsoft Office SharePoint Server
• Monitoring SharePoint Audit Trail Integrity
• Monitoring any Information Management Policy Changes
• Monitoring Item updates done in SharePoint Site Collection
• Monitoring Generic Object Changes done in SharePoint Site Collection

Previous Next

Once logs are received in to EventTracker, Alerts and reports can be configured into EventTracker. 

Some of the Knowledge Packs available in EventTracker are listed below. For more information please refer Integration Guide.

Categories and Reports:-

• LOGbinder: LOGbinder error - This category based report provides information related to error events logged by LOGbinder SP application.
• LOGbinder: LOGbinder setting changed - This category based report provides information about when any configuration setting changes done to LOGbinder SP.
• LOGbinder: LOGbinder warning - This category based report provides information about warning events logged by LOGbinder SP application.
• LOGbinder: Noise events - This category based report provides information related to SharePoint "noise" events.
• LOGbinder: SharePoint access control change - This category based report provides information related to any access control changes made in SharePoint site.
• LOGbinder: SharePoint audit log deleted - This category based report provides information about deleted SharePoint audit logs.
• LOGbinder: SharePoint audit policy changed - This category based report provides information about any changes made to SharePoint audit policy changed.
• LOGbinder: SharePoint container object update - This category based report provides information related to container object updates in SharePoint site.
• LOGbinder: SharePoint document update - This category based report provides information related to any document checked in, checked out, Updated and deleted in SharePoint site.
• LOGbinder: SharePoint Import-Export - This category based report provides information related to object export and import activities in SharePoint.
• LOGbinder: SharePoint Information management policy changes - This category based report provides information related to any changes done in SharePoint Information management policy.

Alerts:-

• LOGbinder: LOGbinder setting changed - This alert is generated when any setting is changed.
• LOGbinder: Possible audit trail tampering - This alert is generated when LOGbinder detects an audit trail tampering.
• LOGbinder: SharePoint audit logs deleted - This alert is generated when SharePoint audit logs are deleted.
• LOGbinder: SharePoint audit policy change - This alert is generated when SharePoint audit policy change occurs.
• LOGbinder: SharePoint site collection administrator added - This alert is generated when SharePoint site collection administrator added.
• LOGbinder: SharePoint site collection administrator removed - This alert is generated when SharePoint site collection administrator removed.

Scope

The configuration details in this guide are consistent with EventTracker version 7.X and later, and LOGbinder SP version 2 and later.

Documentation:

For more information please refer to the Integration guide