Cisco Security Agent - CSA Logging features

Answered Question
Mar 17th, 2010
User Badges:

Please, I need yours help.

I have some questions which must be answered ASAP.



Is it possible

Logging - File copy from local drive to removable storages

Logging - File copy from network drive to removable disk

Logging – System parameters change

Logging – Connection to share on computer???


Correct Answer by dkthomas about 7 years 4 months ago

Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well....


We used the event logger to pull specific event log information into out CSA logs.. like, login and logout and disk errors.


I hope that helps,

-dt

Correct Answer by jan.nielsen about 7 years 4 months ago

Logging – System parameters change

   -registry changes

Yes

  - changing or replacing important system  files

Yes

  or any system changes which maybe take to instability  operating system normal functionality..

Much harder, since this is a million different ways an o/s could become unstable, but looking at certain system registry keys and system/system32 directories will give you alot of information you are looking for.


Logging – Connection to share on   computer???

Sorry it was incorrect.

Logging – Connection  to share folder on agent's computer?

Yes, you can log read/write access to a local folder which is shared, and with source @network in your rules, the actual attempt to connect to the share is probably a bit more difficult.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
jan.nielsen Wed, 03/17/2010 - 05:59
User Badges:
  • Gold, 750 points or more

Logging - File copy from local  drive to removable storages

Yes

Logging - File copy from network drive to removable disk

Yes

Logging – System parameters change

Don't know what you are referring to...registry changes ?

Logging – Connection to share on  computer???

What do you mean, just the actual attempt to connect to the machine, or the accessing of data on the share ?

secureboy Wed, 03/17/2010 - 06:14
User Badges:


Thank you for quick reply..

Logging – System parameters change

I am referring that

  -registry changes

  - changing or replacing important system files

  or any system changes which maybe take to instability operating system normal functionality..


Logging – Connection to share on  computer???

Sorry it was incorrect.

Logging – Connection to share folder on agent's computer?

Correct Answer
jan.nielsen Wed, 03/17/2010 - 09:19
User Badges:
  • Gold, 750 points or more

Logging – System parameters change

   -registry changes

Yes

  - changing or replacing important system  files

Yes

  or any system changes which maybe take to instability  operating system normal functionality..

Much harder, since this is a million different ways an o/s could become unstable, but looking at certain system registry keys and system/system32 directories will give you alot of information you are looking for.


Logging – Connection to share on   computer???

Sorry it was incorrect.

Logging – Connection  to share folder on agent's computer?

Yes, you can log read/write access to a local folder which is shared, and with source @network in your rules, the actual attempt to connect to the share is probably a bit more difficult.

Correct Answer
dkthomas Thu, 03/18/2010 - 18:17
User Badges:

Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well....


We used the event logger to pull specific event log information into out CSA logs.. like, login and logout and disk errors.


I hope that helps,

-dt

Actions

This Discussion

Related Content