Use the comprehensive criteria and rule actions of Data Activity monitoring (DAM) access
policy to monitor FAM for NAS and SP in deeper granularity. Set up alerts on a subset of users,
audit all or a set of users, and optionally ignore a set of users or operations.
About this task
Apply Data Activity Monitoring (DAM) access policy to NAS and SharePoint to achieve granular
policy filtering.
Procedure
-
Go to .
- Create a policy by clicking the icon.
- From the Name and properties pane of the Create New
Policy window, set the policy type to Data security policy and
define a policy name.
- Click the Rules pane to begin working with policy rules. Create a
rule by clicking the icon.
- From the Rule definition pane of the Create New
Rule window, define a Rule name. Set the Rule
type to Access.
- Click the Rule criteria pane. Use the menus to select
individual parameters, define selection operators, and then specify values or groups to match.
For FAM for NAS and SharePoint, use the following criteria:
- Session level criteria
-
- Operating system user: The username of NAS or SharePoint. The database
username is also the same.
- Client IP address: The IP address that is used to connect to NAS or
SharePoint.
- Server IP address: The IP address where the NAS or SharePoint server is
hosted.
- Server host name: The hostname of the NAS or SharePoint host
- Service name: To process FAM for NAS traffic, use
NASFAM. For SharePoint, use SPFAM.
- SQL criteria
-
- Command
Note: Commands are case-sensitive.
For NAS, use the
following commands:
- Rename
- Update
- Create
- Read
- Delete
- Access Rights Change
For SharePoint, use the following commands:
- CheckOut
- CheckIn
- View
- Delete
- Update
- ProfileChange
- ChildDelete
- Object
- For NAS, provide the absolute path of the file name or directory name.
- For SharePoint, provide the full URL to the SharePoint object.
Attention:
When both DAM and FAM for NAS and SP policies are installed to monitor NAS and SharePoint
traffic, FAM rules are evaluated and triggered last, regardless of the order of the policies.
Enable Continue to next rule for all DAM policy rules to ensure that the
FAM rules are triggered.
- Click the Rule action pane to begin working with rule actions,
then create a new rule action by clicking the icon.
For FAM for NAS and SharePoint, use the following actions:
- ALERT PER MATCH
- ALERT DAILY
- ALERT ONLY
- ALERT PER TIME GRANULARITY
- LOG MASKED DETAILS
- LOG FULL DETAILS
- LOG FULL DETAILS WITH REPLACED VALUES
- SKIP LOGGING
- LOG ONLY
Note: FAM for NAS and SharePoint does not support actions that are tracked per session or require
S-TAP.
- After the rule is defined, click OK to return to the
Rules pane.
Continue working with rules as
needed.
- After the policy and its rules are defined, click OK to save the
policy and return to the Security Policies table.