Varonis

Applies to: Varonis 6.3.190 and above

Overview

Varonis is a Data Security Platform that detects insider threats and cyberattacks by analyzing data, account activity and user behavior. It prevents and limits disaster by locking sensitive, and stale data and efficiently sustains a secure state with automation.

Varonis integrates with EventTracker SIEM application to provide security analytics with deep data context, so that organizations can be confident in their data security strategy. Benefits include scheduled reports, integrated Varonis dashboards and alerts for streamlined investigation.

Reports contain a detailed summary of events associated with exchange server activity, CIFS and NFS activity, share-point activity, and active directory activity.

Alerts are triggered as soon as critical events are received by EventTracker for Varonis, such as user lockout.

Dashboard is a graphical representation of all the activities happening in Varonis. These include event categories with cumulative log counts or percentage or by timeline.

These attributes or configurations of EventTracker allows administrators to quickly take appropriate actions against any threat/adversaries trying to jeopardize an organizations normal operation.

Previous Next

Once Varonis is configured to deliver events to EventTracker Manager alerts, dashboards, and reports can be configured into EventTracker.

Security

Alerts

Varonis: A user has been locked out - This alert is triggered as soon as EventTracker receives an event when any user is locked out.

Operation

Reports

Varonis: AD domain service and user status activities – This report outlines a detailed overview of events related to active directory activities, such as creation and deletion of all objects, lock/unlock accounts, etc. This will include event datetime, action taken, affected object name, etc.
Varonis: File permissions activities – This report outlines a detailed overview of events related to file system events, such as, file set permissions, file modify, file create, etc. This will include event datetime, action taken, file permission change, file/server domain, etc.
Varonis: Exchange mailbox and folder activities – This report will outline the detailed summary of events related to exchange server activities, such as, change folder permissions, create message, message received, etc. This will include event datetime, action taken, affected object name, rule name, etc.

Scope

The configuration details are consistent with EventTracker version 9.2 and later, and Varonis 6.3.190 and above.

Documentation

To configure Varonis to send logs to EventTracker, refer the How to Guide.

For more information please refer the Integration guide.