Next, for Type, I select the type of auditing I want (Success/Fail/All). On the page for the auditing entry, in Principal, I click Select a principal. I choose Security, Advanced, and Auditing and then choose Add to add a new auditing entry. I open the file system in Windows Explorer and then right-click and select Properties. I open File Explorer and follow the documentation to map my new file system. When the instance is available, I connect to it using a remote desktop client. I choose CloudWatch Logs and then choose a CloudWatch Logs log group in my account.Īfter my file system has been created, I launch a new Amazon Elastic Compute Cloud (Amazon EC2) Instance and join it to my Active directory. In Advanced, for Choose an event log destination, I can change the destination for publishing user access events. In Auditing, I see that File access auditing is turned on by default. To use the auditing feature, Throughput capacity must be at least 32 MB/s, as shown here: On the Select file system type page, I choose Amazon FSx for Windows File Server, and then configure other settings for the file system. To enable file access auditing on a new file system, I head over to the Amazon FSx console and choose Create file system. Using File Access Auditing on a New File System For example, you can configure AWS Lambda and Amazon CloudWatch alarms to send a notification to data security personnel when unauthorized access occurs. You can also set up Lambda functions that are triggered by new audit events. From there, you can view and query logs in CloudWatch Logs, archive logs to Amazon Simple Storage Service (Amazon S3), or use AWS Partner solutions, such as Splunk and Datadog, to monitor your logs. The destination options are logging to Amazon CloudWatch Logs or streaming to Amazon Kinesis Data Firehose. You can choose a destination for publishing audit events in the Windows event log format. File access auditing will be particularly important to regulated customers such as those in the financial services and healthcare industries. By using file access auditing, enterprise storage administrators and compliance auditors can meet security and compliance requirements while eliminating the need to manage storage as logs grow over time. In addition to key features such as user quotas, end-user file restore, and Microsoft Active Directory integration, the team has now added support for the auditing of end-user access on files, folders, and file shares using Windows event logs.įile access auditing allows you to send logs to a rich set of other AWS services so that you can query, process, and store your logs. It is built on Windows Server and offers a rich set of enterprise storage capabilities with the scalability, reliability, and low cost that you have come to expect from AWS. Amazon FSx for Windows File Server provides fully managed file storage that is accessible over the industry-standard Server Message Block (SMB) protocol.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |