Capabilities
This section describes the main File Access Manager capabilities and provides a technical mapping of each service to a set of capabilities. You can find more information on each capability in the relevant chapters of this guide.
Feature | Description |
---|---|
Activity Monitoring | Activity monitoring involves capturing information about events that users perform on monitored applications. An activity includes: - Who? - A user - Performed what action? - Read, write, or delete - Where? - On what business resource? For example, a file, a file folder, a SharePoint site, or an Exchange mailbox - When? - Date and time which is displayed in the user’s local time |
Real-Time Alerts | Issue real-time alerts based on pre-defined alert rules regarding suspicious activities. |
Threshold-Based Alerts | Issue threshold alerts when activities exceed a defined threshold within a timeframe, e.g., "Alert me when a user reads more than 1000 files in an hour." |
Crawling | The process that discovers business resources (BRs) of an application (folders, mailboxes, etc.), required for capabilities like Permissions Collection and Data Classification. |
Permissions Collection | Discovers and collects permissions on the BR(s) of an application for use in Permissions Forensics, Access Certification campaigns, Access Requests, etc. |
Data Classification | Provides the ability to discover and classify resources/files with sensitive information like credit card data, personal information, and health records. |
Identity Collection | Collects and aggregates users and groups from identity repositories (e.g., Active Directory, Azure, NIS) for analyzing users, groups, memberships, and structures. |
Access Certification | A campaign process to certify or remove stale or unneeded permissions or identities. |
Access Requests | Users' requests to gain permission to BR(s), managed and automatically fulfilled using approval workflows. |
Access Fulfillment | Automatically adds or removes permissions to users’ BR(s). |
Discovery of Data Owners | Automates the process of identifying data owners by collecting activity/permissions data and consulting business users about folder ownership. |