Skip to main content
Version: 1.3.0

Audit Tasks

This section outlines standard Superna Data Security Essentials procedures for creating a Data Security Essentials task. You can choose the specific data you want to collect in your database, or set up a single global audit task to track all data.

  1. Access Audit Tasks
    In the Data Security Essentials menu, click on Audit Tasks.

  2. Create New Task
    Click on the New Audit button to create a new audit task.

info

When testing tasks you have created, use an account different from the one used by Data Security Essentials services.

alt text

Properties

When you create a new audit task, it will appear in the list on the left. Start by filling out the Properties tab:

  1. Define the Task Name
    Enter a name for the task.
  2. Optional Description
    Add a description if desired.
  3. Select Monitored Events
    Choose the event(s) you want to monitor from the provided list. We recommend selecting all events to enhance the effectiveness of policy triggers.
  4. Add File Criteria
    Scroll down to specify file types based on their extensions, or leave this section empty to collect all events. Examples of custom patterns:
    • *.* for all files
    • *.rtf, *.doc for Word files only
note

If the Patterns list is empty, the task will audit all files.

After configuring these settings, save your changes and proceed to the next tab. alt text

Directories

Select the Directories tab to access detailed settings for directories.

alt text

Managed Directories

  1. Add Monitored Directories

    Click the Add button and enter the directory paths you want to monitor for events.

  2. Configure User Scope
    By default, tasks apply to all users. You can configure users and groups by clicking on the Users tab.

info

For the FlashBlade/FlashArray platform, the directory path format is \file_system\optional directory\optional subdirectory.

At least one managed path is required, leaving this empty does NOT monitor all paths. If you want to monitor all paths under a file system add \file_system as the path.

Exempted Subdirectories

To exempt specific subdirectories from monitoring:

  • Add Exemption

    Click the Add button and enter the name of the subdirectory you want to exempt from auditing. This subdirectory will be appended to each directory specified in the Directories tab.

    note

    Enter only the subdirectory name to exempt, not the full directory path.

Exempting directories from auditing can serve several important use cases:

  • Performance Optimization: Reduces the auditing overhead on high-traffic directories that generate a large volume of data, enhancing system performance.

  • Compliance Needs: Helps align with regulatory requirements by excluding directories governed by different compliance standards.

  • Allowlisting: Excludes certain directories from auditing to avoid unnecessary detection entries related to routine operations.

After configuring exemptions, save your changes and proceed to the next tab.

Users

Select the Users tab to view detailed settings for users.

alt text

Managed Users

Add the users or groups that you wish to audit within your environment.

note

If you don’t add any users or groups, all users will be audited by default.

Exempted Users

Typically, administrators, backup operators, replicators, and the system account are exempt from policies.

  • Change Existing Exemptions
    Click the button to the right of the entry and select Delete or Modify as needed.

  • Add New Exemption
    Click the Add button, enter the name of the user or group, select the type, and click the Managed Users button. The selected user/group will then be added to the exempt users list.

Exempting users from auditing can serve several important use cases:

  • Compliance Needs: Align with regulatory requirements by excluding specific users that are governed by different compliance standards.
  • Testing and Development: Exempt users involved in testing or development to prevent their actions from cluttering audit logs and impacting analysis.
  • Allowlisting: Exclude certain users or service accounts from auditing to avoid unnecessary detection entries related to routine operations.

After configuring these settings, save your changes. To edit the task, click its name in the list. To delete it, select the ellipsis menu next to the task name.