File Access Report

The File Access Report page allows you to build Access Activity reports from the logs that you have ingested into the DataDefender product. While the Monitoring page generates reports on events around your cloud account, the File Access Report views activity around a file-focused approach. The File Access Report page consists of 2 parts: Query Builder to pull data and Activity Data to show the data.

Query Builder

This tool allows you to pull information from audit logs. Query Builder offers the ability to slice by time, identity, resource, and path.

Data Source:

• Currently, DataDefender supports two sources of data to pull from for File Access Lookup: S3 Access Logs and CloudTrail. Select the desired data source by clicking the dropdown and choosing the source of data to search from.

Identity:

• Searches by IAM entity making the request to the file.

• Example: CloudStorageSecConsoleRole-aaaaa/aaaa-aaaaa-aaaaa

Conditions

• Searches by storage container name.

• Example: "my-bucket-01"

Path

• Searches by path of the storage container to search.

• Example: /documents/report.pdf

Export Data

We provide the results of the search in a CSV format. Select 'Export Data' and a menu will pop up with the option to download the report now or save the link for later. The link is valid for 12 hours.

Access Activity

After Query Builder is run, we return Access Activity by providing the relevant logs. Information provided below includes all of the Attributes included in the Query and additional attributes including Account ID, Source Location, Resource Type, Action, and Event Name.