LOGbinder for Exchange: Bridging the Gap Between Exchange and SIEMs

With today's compliance, discovery, and liability concerns, management increasingly wants a high-integrity audit trail of access to mailboxes as well as of privileged activity by Exchange administrators.

Microsoft has risen to the occasion with new native audit capabilities in Exchange Server 2010 but, like many audit logs today, the information is trapped within the application, and, specific to Exchange, audit logs are maintained in mailboxes.

Audit logs don't belong in the application they audit. Widely accepted best practices for information security mandate that audit logs be moved as frequently as possible to a separate, isolated log management system.

LOGbinder for Exchange, my third LOGbinder collector, efficiently processes native Exchange audit logs, resolves unreadable ID codes, and translates other cryptic codes, writing an easy-to-understand Exchange audit log to the Windows event log, where any log management/SIEM solution can take over with collection, alerting, reporting, and secure archival. LOGbinder for Exchange performs these functions on both the administrator audit log and the mailbox audit log.
