- Windows file auditing isn't required to use the Log and Event Manager FIM
- That's still the case. IMHO, reads aren't worth collecting
- The "Writes" can be useful for flagging changes to permissions and ownership
- Some operations will always show NTSYSTEM, but as long as the Agent is running where files are hosted, deletes and creates ought to have user credentials on them
- Solarwinds Log and Event Manager - Configuring FIM and Analyzing FIM Data - YouTube
↧
Re: FIM Questions
↧