FileCatalyst detection and response

| Layer | Tools |
|-------|-------|
| | Zeek (with custom FileCatalyst analyzer), ntopng, Elastic Fleet |
| SIEM | Splunk ES, Sentinel, QRadar (with FileCatalyst TA) |
| NDR | ExtraHop Reveal(x), Darktrace (custom unmanaged device model) |
| Endpoint | CrowdStrike (Falcon FileCatalyst process rules), Sysmon (Event ID 11 for file creates in HotFolders) |
| SOAR | Palo Alto Cortex, Shuffle (to automate user disable on SIEM alert) |

Ingest FileCatalyst Server logs (e.g., transfer.log, auth.log) into your SIEM. Example detection rules:

Detecting if an unauthorized actor is using valid credentials to exfiltrate data at high speeds.
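As an added example (not part of the original page and not FileCatalyst's own tooling), the detection described above expressed as SIEM-style rules in Python over constructed auth.log and transfer.log lines. The line format (`<timestamp> EVENT key=value ...`), the field names, the thresholds and the per-user source-IP baseline are all assumptions for illustration; a real deployment maps the actual FileCatalyst log fields into the same parser and sets the thresholds from observed baselines.

```python
"""SIEM-style detections over FileCatalyst-like logs (added example, assumed log format)."""
from collections import defaultdict
from datetime import datetime, timedelta

MIB = 1024 * 1024
GIB = 1024 * MIB

# Assumed thresholds for the example; tune from your own transfer baselines.
HIGH_SPEED_BPS = 50 * MIB           # bytes/second for a single download
VOLUME_LIMIT = 5 * GIB              # bytes downloaded per user per window
VOLUME_WINDOW = timedelta(hours=1)
CORRELATION_WINDOW = timedelta(minutes=30)

# Constructed sample lines in an ASSUMED format (not the real FileCatalyst format).
AUTH_LOG = """\
2024-05-01T08:00:00Z LOGIN user=jdoe src=10.1.1.20 result=success
2024-05-01T08:05:00Z LOGIN user=svc_backup src=10.1.1.30 result=success
2024-05-01T22:13:00Z LOGIN user=jdoe src=203.0.113.45 result=success
"""
TRANSFER_LOG = """\
2024-05-01T08:01:00Z TRANSFER user=jdoe src=10.1.1.20 dir=download file=report.pdf bytes=5242880 secs=4
2024-05-01T08:06:00Z TRANSFER user=svc_backup src=10.1.1.30 dir=upload file=backup.tar bytes=2147483648 secs=120
2024-05-01T22:14:00Z TRANSFER user=jdoe src=203.0.113.45 dir=download file=customers.zip bytes=10737418240 secs=90
2024-05-01T22:16:00Z TRANSFER user=jdoe src=203.0.113.45 dir=download file=hr_archive.zip bytes=8589934592 secs=70
"""
# Constructed baseline of source IPs each account normally logs in from.
KNOWN_SOURCES = {"jdoe": {"10.1.1.20"}, "svc_backup": {"10.1.1.30"}}


def parse_line(line: str) -> dict:
    """Parse one line of the assumed format: '<iso-ts> <EVENT> k=v k=v ...'."""
    ts, event, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text: str) -> list[dict]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def high_speed_downloads(transfers, threshold_bps=HIGH_SPEED_BPS):
    """Rule 1: a single download whose throughput exceeds the threshold."""
    alerts = []
    for t in transfers:
        secs = max(int(t["secs"]), 1)            # guard against zero-duration entries
        rate = int(t["bytes"]) / secs
        if t.get("dir") == "download" and rate > threshold_bps:
            alerts.append({"rule": "high_speed_download", "user": t["user"],
                           "src": t["src"], "ts": t["ts"], "bps": rate})
    return alerts


def volume_per_user(transfers, limit=VOLUME_LIMIT, window=VOLUME_WINDOW):
    """Rule 2: bytes downloaded by one user in a sliding window exceed the limit (one alert per user)."""
    by_user = defaultdict(list)
    for t in transfers:
        if t.get("dir") == "download":
            by_user[t["user"]].append(t)
    alerts = []
    for user, items in by_user.items():
        recent = []
        for t in sorted(items, key=lambda r: r["ts"]):
            recent = [r for r in recent + [t] if t["ts"] - r["ts"] <= window]
            total = sum(int(r["bytes"]) for r in recent)
            if total > limit:
                alerts.append({"rule": "volume_exceeded", "user": user,
                               "src": t["src"], "ts": t["ts"], "bytes": total})
                break
    return alerts


def logins_from_new_source(auths, known_sources):
    """Rule 3: successful login from a source IP outside the user's baseline."""
    return [{"rule": "login_new_source", "user": a["user"], "src": a["src"], "ts": a["ts"]}
            for a in auths
            if a["event"] == "LOGIN" and a.get("result") == "success"
            and a["src"] not in known_sources.get(a["user"], set())]


def correlate(auth_alerts, transfer_alerts, window=CORRELATION_WINDOW):
    """Valid credentials, unfamiliar source, then a fast or large download from that source."""
    hits = []
    for la in auth_alerts:
        matched = {ta["rule"] for ta in transfer_alerts
                   if ta["user"] == la["user"] and ta["src"] == la["src"]
                   and timedelta(0) <= ta["ts"] - la["ts"] <= window}
        if matched:
            hits.append({"rule": "credential_misuse_exfil", "user": la["user"], "src": la["src"],
                         "login_ts": la["ts"], "transfer_rules": sorted(matched)})
    return hits


def run_detections(auth_text=AUTH_LOG, transfer_text=TRANSFER_LOG, known_sources=KNOWN_SOURCES):
    auths = parse_log(auth_text)
    transfers = [r for r in parse_log(transfer_text) if r["event"] == "TRANSFER"]
    t_alerts = high_speed_downloads(transfers) + volume_per_user(transfers)
    a_alerts = logins_from_new_source(auths, known_sources)
    return {"transfer": t_alerts, "auth": a_alerts, "correlated": correlate(a_alerts, t_alerts)}


if __name__ == "__main__":
    for category, alerts in run_detections().items():
        for alert in alerts:
            print(category, alert)
```

Rule 3 is what makes the case the page describes visible: auth.log alone shows only successful logins, so the signal is a successful login from an unfamiliar source followed by throughput or volume well above the account's norm. The correlated alert is the one worth routing to the SOAR user-disable playbook listed in the table; the single-rule alerts are better kept as lower-severity context.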