Hello everyone, hope the week is going well for all. My question is about FAAM and alerts.
Has anyone set up FAAM-related alerts? For example: I have a laptop and I copy a network share directory to the desktop of said laptop; it’s a fairly large amount of data and is a few folders deep. Or I found out my boss is going to let me go, so I delete all my personal files from my network home directory. How would I set up an alert for those types of scenarios, or similar?
You would set up FAAM on the file server, since FAAM is for network shares only. Then, as far as building a detection on those events, you could create a Custom Detection Rule that says, for example, alert me if I see X number of unique files being accessed in Y minutes.
An example Custom Detection Rule might look something like this:
This says for any user, when the access type is observed as Delete, and there are 1000 unique file names accessed in 10 minutes, create an Investigation.
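The logic of the rule described above, as an added example that is not part of the original thread and is not the product's rule syntax: a per-user sliding-window count of unique file names. The event tuple layout, user names, paths and the "Read" access-type value are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_mass_access(events, access_type="Delete", threshold=1000,
                       window=timedelta(minutes=10)):
    """Return (user, time, unique_files) each time a user crosses the threshold.
    events: iterable of (timestamp, user, access_type, file_path) tuples.
    This layout is hypothetical, not the product's log schema.
    """
    in_window = defaultdict(deque)                  # user -> (ts, path) still in window
    seen = defaultdict(lambda: defaultdict(int))    # user -> path -> hits in window
    alerting, alerts = set(), []
    for ts, user, atype, path in sorted(events):
        if atype != access_type:
            continue
        queue, files = in_window[user], seen[user]
        queue.append((ts, path))
        files[path] += 1
        # Drop events that have aged out of the sliding window.
        while queue[0][0] <= ts - window:
            _, old = queue.popleft()
            files[old] -= 1
            if files[old] == 0:
                del files[old]
        # Count unique names, so re-touching one file never inflates the total.
        if len(files) < threshold:
            alerting.discard(user)
        elif user not in alerting:                  # one alert per burst
            alerting.add(user)
            alerts.append((user, ts, len(files)))
    return alerts

def sample_events():
    """Constructed file-access events for four hypothetical users."""
    t0 = datetime(2024, 1, 8, 9, 0, 0)
    ev = []
    for i in range(1200):
        # alice: 1200 distinct deletes in 8 minutes -> should alert
        ev.append((t0 + timedelta(seconds=0.4 * i), "alice", "Delete", f"/home/alice/f{i}"))
        # bob: deletes the same 5 names over and over -> 5 unique, no alert
        ev.append((t0 + timedelta(seconds=0.4 * i), "bob", "Delete", f"/share/tmp/{i % 5}"))
        # carol: 1200 distinct deletes spread over an hour -> no alert
        ev.append((t0 + timedelta(seconds=3 * i), "carol", "Delete", f"/home/carol/f{i}"))
        # dave: bulk reads (copying a share); "Read" is an assumed access-type value
        ev.append((t0 + timedelta(seconds=0.4 * i), "dave", "Read", f"/share/proj/f{i}"))
    return ev

if __name__ == "__main__":
    print(detect_mass_access(sample_events()))
```

With the default settings only alice triggers; carol's deletions stay under the threshold because no 10-minute window holds more than 200 of them, which is the trade-off to weigh when picking X and Y.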