If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Egnyte is a service to store, manage and share files as photos and documents. Egnyte service is delivered as a cloud service. Egnyte helps organizations move faster with infinite scalability and lower cost for their file sharing needs.
But at the same time, the public cloud Software as a Service (SaaS) model presents the organization with new security challenges.
The main challenges and needs are to:
- Get and retain full audit of activities in Egnyte account
- Retrieve the Egnyte account activities as users’ access to file/folders, files/folder sharing activities and scope, file/folders download and more.
- The granular activities should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.
- Detect security threats and policy violations
What is it
SkyFormation Cloud Connector for Egnyte, is part of the SkyFormation Cloud Connectors module. It continuously ingests audit events from multiple audit sources in the Egnyteaccount, unify the events into a common application events format, enrich the events with needed detection context and send the events to any existing SIEM/SOC system.
How it works
SkyFormation Cloud Connector for Egnyte retrieves the events from the Egnyte service through its APIs. Before sending the events to the existing SIEM/SOC system the connector will
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event
- Complement the event with missing information
- Enrich the event with detection context as AD identity information
- Encode the resulted event into a standard format (e.g. CEF)
- Send the event to the existing SIEM/SOC system over syslog
Egnyte Audit Sources & Events Supported
|Audit Source (API)||Service/Module Covered||Event Types||Events included|
|login audit report||Access||login success/failed, account locked-out|
|Password Management||password reset, password changed|
|Files||file copied, file created, file deleted, file moved, file renamed, file downloaded, file downloaded via anonymous link, file downloaded via authenticated link, file locked, file previewed, file previewed via anonymous link, file previewed via authenticated link, file unlocked, file uploaded|
|Notes||note created, note deleted, note added to file, note deleted from file, unsupported action,|
|Folders||folder copied, folder created, folder deleted, folder renamed, folder moved|
|permissions audit report||Folder ACL||add permission to group, add permission to user, remove permission from user, replace permission to user, add permission to role,|
|users audit report||Users Management||user created, user deleted, user email changed, ,||Represents events relate to users management|
|Settings||user first name changed, user last name changed, user disabled on expiration setting changed, user delete on expiration setting changed, user disabled, user enabled, user second factor enabled, user second factor disabled, user verify email,|
user downgraded from admin to power user, user downgraded from power user to standard user, user upgraded from standard to power user, user upgraded from power user to admin
user password changed, user password reset,
|groups audit report||Groups Management||group created, group deleted, group renamed, user added to group, user removed from group||Represents events relate to groups management|
How to on-board Egnyte Connector to SkyFormation