Check out https://extracomm.com/securtrac. SecurTrac has the capability to detect bulk actions. For example, if a user tries to replicate or copy a database to a local machine, this action would trigger many document reads in a short period of time. In such a case, SecurTrac's bulk action detection feature would be triggered and send a notification to the security officer. This allows administrators to be alerted to and investigate any suspicious bulk activities that could indicate potential data breaches or other security concerns.
Yes, but that's not the point. The log.nsf provides an indication of who was reading many documents in a short period of time. This is not a guarantee but an indication of suspicious behaviour. An agent would most likely not read all documents (except for poorly written agents), and scheduled agents would not run with the user's identity. So if there was read activity, it is a user who pulled a new local replica. You can of course set the ACL flag to disable replication or copy activities to limit exposure.
However, what you are looking for is behaviour analysis, which is provided by SIEM solutions like QRadar.
Have you ever used that db? Besides, information in one place like log.nsf or console.log files is in many organizations kept for a while. Information about who read documents and counting them could be misleading, i.e. an agent which is going through multiple documents on behalf of the signer. So in the end you cannot be sure if the database was copied or not. Information about a copied database could be used as Data Leak Prevention. Currently administrators do not have any idea if someone copied a database or not. Additionally, the admins have to have a suspicion that someone did that and then run the db analysis tool. And there is another problem: you need to keep activity logs for all dbs... A simple entry in the console would be so simple and would be enough... After that you have the necessary information in your console log, and you can create an event handler to react when someone tries to copy a db...
Unlikely to be implemented because to the server it is the same as DB read activity.
To identify users who took a full copy of the database, see the log.nsf and look at user activity with lots of read activity.
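The heuristic discussed in the comments above (one user reading most of a database in a short period, with agent signer identities set aside), as an added example that is not part of the thread and not HCL or SecurTrac code. It assumes session activity has been exported from log.nsf to CSV; the column layout, names, threshold and window are all hypothetical.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: session activity exported from log.nsf to CSV.
# The column layout is an assumption, not a Domino export format.
SAMPLE = """end_time,user,database,reads,writes
2024-05-02T09:01:00,CN=Alice Roe/O=Acme,sales.nsf,12,1
2024-05-02T09:40:00,CN=Alice Roe/O=Acme,sales.nsf,9,0
2024-05-02T10:02:00,CN=Bob Lee/O=Acme,sales.nsf,2100,0
2024-05-02T10:06:00,CN=Bob Lee/O=Acme,sales.nsf,2350,0
2024-05-02T02:00:00,CN=Agent Signer/O=Acme,sales.nsf,4800,4800
"""

DOC_COUNTS = {"sales.nsf": 5000}          # constructed document counts per database
AGENT_IDS = {"CN=Agent Signer/O=Acme"}    # signer/server identities to ignore

def flag_bulk_reads(csv_text, doc_counts, ignore=(), ratio=0.8,
                    window=timedelta(minutes=15)):
    """Return (user, database, reads_in_window) where one identity read at
    least `ratio` of a database's documents within `window`."""
    sessions = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["user"] in ignore or row["database"] not in doc_counts:
            continue
        ts = datetime.fromisoformat(row["end_time"])
        sessions[(row["user"], row["database"])].append((ts, int(row["reads"])))

    hits = []
    for (user, db), events in sessions.items():
        events.sort()
        start, total, peak = 0, 0, 0
        for ts, reads in events:           # sliding window over session end times
            total += reads
            while ts - events[start][0] > window:
                total -= events[start][1]
                start += 1
            peak = max(peak, total)
        if peak >= ratio * doc_counts[db]:
            hits.append((user, db, peak))
    return sorted(hits)

if __name__ == "__main__":
    for user, db, reads in flag_bulk_reads(SAMPLE, DOC_COUNTS, AGENT_IDS):
        print(f"{user} read {reads} of {DOC_COUNTS[db]} documents in {db}")
```

A hit is an indication to investigate, not proof of a copy; without the ignore list the agent signer's nightly run is flagged as well.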