File Audit - Find out Who touched What File and Why

To manage and correlate Security Event logs, click here.


To enforce concurrent Logon and Generate Logon Reporting, click here.


To monitor access to your organization’s data, standard Microsoft utilities only propose manual event log analysis. This very limited functionality leaves administrators having to decrypt hundreds or even thousands of events, attempting to retrieve those of interest to answer the question who touched what file.


Simple Solution:


File monitoring doesn't need to be complicated. File Audit can be installed and configured in literally a minute or two. Specify a local path and some file types to watch and it will get to work immediately.

Consider these advanced features:

   1.   File Audit runs as a service, so it is monitoring your system as soon as the computer is started--there is no need to login or start a program manually.
   2.   It has advanced resource usage throttling to make sure it doesn't affect the server it is running on or the network.
   3.   (Pro Only) HTTP based reports for viewing within the File Audit Console, or from a web browser.
   4.   Schedule reports to be automatically generated, and optionally have the URL emailed to you.
   5.   Ad hoc reports to quickly get answers based on data already collected.
   6.   Powerful and flexible actions that run in response to your alert criteria.
   7.   File Audit will tell you more about server file access than you've ever been able to find out before.


File Audit instantly gives a comprehensive list of File Access Queries, reports and notification: 

  1. read/write accesses

  2. appropriation attempts (accepted or denied)

  3. permission modification attempts (accepted or denied)

  4. each record detailing: the user, the domain, the date and time of the connection and disconnection

Based upon:

  1. a file

  2. a selection of files

  3. a folder and subfolders

  4. a selection of folders and subfolders

and gives you a very simple and efficient way of controlling the use made of your organization’s sensitive and confidential data.

How does File Audit® work?

  • Engagent File Audit's active file and folder auditing can be an important part of your Sarbanes-Oxley compliance, Payment Card Industry (PCI) compliance, and more. Plus, with the built in security settings, you'll know nobody is tampering with your File Audit installation.

    Some of the easy to use features include:

    • Monitor all files or a subset of files on a local disk for changes, access (reads), deletes, etc.
    • Receive notifications via email, SMS, SNPP pager, etc
    • Record file access, user and program to log files
    • Monitor log file integrity -- alert on changes, but keep quiet on normal log appends
    • (Pro only) Receive advanced file auditing alerts based on user behavior, such as reading all files in a folder (which might be a copy operation)
    • (Pro only) Record file and folder access to a database, and generate reports on specified files, users, access type or time ranges

    Why File Audit® ?

    Experience these benefits: 

    1. security for your confidential and sensitive data
    2. eradication of the workload related to data surveillance
    3. help toward your information systems compliance as to multiple international regulations and standards (HIPAA, Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799…)
    4. simplicity of use: context menu, agent-less solution
    5. efficiency: instant display, multiple selections

    File Integrity Monitoring

    Many compliance mandates require auditing file access and ensuring file integrity. Among those are: PCI DSS 10.5.5, 11.5, 12.9.5, SOX DS5.5, GLBA 16 CFR Part 314.4(b) and (3), HIPAA 164.312(e)(1), FISMA AC-19, CP-9, SI-1, SI-7, ISO 27001/27002 12.3, 12.5.1, 12.5.3, 15.3

    File Audit can monitor log files, even files that were opened before File Audit started. In addition, it can alert on writes (changes) to files, but ignore the expected appends to log files.

    Access event archiving
    Schedule File Audit to automatically archive into a database, at regular intervals, storing the file access events that occur on one or more systems.

    Audit and reporting
    File Audit displays file/folder access history in a printable report that can be scheduled to run automatically and exported in PDF format.

    Ease of Use

    1. Elimination of all duplicated, irrelevant and pseudo events, rendering analysis a lot easier and sparing backup disk space
    2. Ability to add display filters: accepted or denied access, type of access (read, write, delete, ...), user account, time frame, etc...
    3. Quick access to the latest files/folders audited
    4. Automatic configuration of the Windows audit on files/folders with default audit values

    Download FileAudit

  • Download

    Release Notes


    Technology Presentation


    Executive Summary


    File Audit Setup

    © 2002-2011 Engagent