Claimsman - solution for logging Windows OS user file accesses to Graylog
@mikkolehtisalo
Introduction
Claimsman logs all file handle creation on Windows systems, writing the records both to a local file and to a centralized log management system. The goal is to collect the information needed to answer two questions:
- What files has user X accessed within a defined time frame?
- Who has accessed file X within a defined time frame?
The application consists of a kernel driver and an application (a Windows service) that forwards the data to the log management system.
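The two questions above are lookups over the collected handle-creation records. The following is an added example, not Claimsman's own code: it assumes a constructed record format (the field names `timestamp`, `user`, `process`, `path` are assumptions, not the project's documented schema) and answers both questions over a time window, folding case because Windows account names and paths are case-insensitive.

```python
from datetime import datetime, timezone

# Constructed sample records in an assumed format; one record per file handle
# creation. Field names are assumptions, not Claimsman's documented schema.
EVENTS = [
    {"timestamp": "2024-03-01T08:15:02Z", "user": "CORP\\alice",
     "process": "WINWORD.EXE", "path": "C:\\Finance\\Q1.xlsx"},
    {"timestamp": "2024-03-01T09:40:11Z", "user": "CORP\\bob",
     "process": "EXCEL.EXE", "path": "c:\\finance\\q1.xlsx"},
    {"timestamp": "2024-03-01T12:00:00Z", "user": "CORP\\alice",
     "process": "notepad.exe", "path": "C:\\Users\\alice\\notes.txt"},
    {"timestamp": "2024-03-02T07:05:30Z", "user": "CORP\\carol",
     "process": "EXCEL.EXE", "path": "C:\\Finance\\Q1.xlsx"},
]


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _in_window(event, start, end):
    """True if the event falls inside the inclusive [start, end] window."""
    return _parse(start) <= _parse(event["timestamp"]) <= _parse(end)


def files_accessed_by(events, user, start, end):
    """Question 1: distinct paths the given user opened within the window.
    Account names are compared case-insensitively (CORP\\alice == corp\\ALICE)."""
    user = user.casefold()
    return sorted({e["path"] for e in events
                   if e["user"].casefold() == user and _in_window(e, start, end)})


def who_accessed(events, path, start, end):
    """Question 2: distinct users who opened the given path within the window.
    Paths are compared case-insensitively, matching NTFS semantics, so a record
    written as c:\\finance\\q1.xlsx still counts as C:\\Finance\\Q1.xlsx."""
    path = path.casefold()
    return sorted({e["user"] for e in events
                   if e["path"].casefold() == path and _in_window(e, start, end)})
```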