Claimsman - solution for logging Windows OS user file accesses to Graylog

dscryber · March 15, 2022, 11:21pm

Claimsman - solution for logging Windows OS user file accesses to Graylog

@mikkolehtisalo

Introduction

Claimsman logs all file handle creation on Windows systems, and logs to both a local file and centralized log management system. The goal is to collect information that helps in answering the following two questions:

What files has user X accessed within defined time frame?
Who has accessed file X within defined time frame?

The application consists of a kernel driver, and an application (windows service) that forwards the data to log management system.

Topic		Replies	Views
Collect file access logs from Windows server? Graylog Central (peer support)	1	540	January 31, 2020
New to Graylog - need help getting started Graylog Central (peer support) sidecar , nxlog , winlogbeat , nodatanx	5	1637	April 30, 2017
Where to start? Graylog Central (peer support)	5	1309	August 14, 2017
Graylog Beginner - Wondering if I have the right tool for the job? Graylog Central (peer support)	3	148	January 25, 2024
Getting Windows Logs into GrayLog Process? Graylog Central (peer support) sidecar , windows , gelf	1	143	April 2, 2024

Claimsman - solution for logging Windows OS user file accesses to Graylog

Claimsman - solution for logging Windows OS user file accesses to Graylog

Introduction

Related Topics