Connecting SharePoint Audit to SIEM/Log Management
LOGbinder for SharePoint is a small, efficient Windows service installed on any
one of the servers in the SharePoint farm. It monitors the internal SharePoint audit
log without making any changes to your SharePoint installation.
For each event, LOGbinder for SharePoint resolves the user and object IDs and other cryptic
codes, producing an easy-to-understand, plain-English translation of the SharePoint
audit event.
As illustrated on the right, the LOGbinder for SharePoint collector writes events to the Windows
event log where any log management/SIEM solution can collect them and provide subsequent
alerting, reporting, and archival.
We provide guidance on the events you should alert on and the reports that should be implemented and reviewed.
We also provide compliance mappings to common control frameworks required by HIPAA,
SOX, PCI, etc. Even better, for a growing number of log management solutions we
provide alert rules and report definition files ready to be imported into your
installation, and we are working with SIEM vendors to include our SharePoint audit
alerts and reports out of the box to make life even easier for users of LOGbinder for SharePoint.
Download our Recommended Report and Alert Designs for LOGbinder for SharePoint.
But what if you don't already have such an infrastructure in place? No problem!
We are working closely with many SIEM vendors to build alert rules and SharePoint audit reports directly
into their SIEM solutions. Check to see if your SIEM vendor has been certified as one of our
SIEM Synergy Partners.
More information on LOGbinder for SharePoint: