#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Log Copy on Database

Information in Domino Log database when someone have created local copy of database.

 

  • Guest
  • Nov 22 2019
  • Unlikely to implement
  • Attach files
  • Admin
    Thomas Hampel commented
    13 Jan, 2020 05:56pm

    Yes, but thats not the point. The log.nsf provides an indication of who was reading many documents in a short period of time. This is not a guarantuee but an indication of suspicious behaviour. An agent would most likely not read all documents (except of poorly written agents), and scheduled agents would not run with the users identity. So if there was read activity, it is a user who pulled a new local replica. You can of course set the ACL flag to disable replication or copy activities to limit exposure.
    However, what you are looking for is behaviour analysis, which is provided by SIEM solutions like QRadar.

  • Guest commented
    20 Dec, 2019 01:08pm

    Have you ever used that db? Besides information in one place like log.nsf or console.log files are in many organizations kept for a while. Information about  who read documents and counting them could be misleadeing i.e agent which is going thru multiple documents on behalf of signer. So in the end you cannot be sure if database was copied or not. Information about copied database could be used as Data Leak Prevention. Currently administrators do not have idea if someone did copied database or not. Additionaly the admins have to have suspicion that someone did that and then run db analysis tool. And there is another problem, that you need keep activity logs for all dbs.....Simple entry in console would so simple and would be enough....After that you have neccessary information in your console log, you can create event handler to react when someone try to copy db....

  • Admin
    Thomas Hampel commented
    19 Dec, 2019 08:09pm

    Unlikely to be implemented because to the server it is the same as DB read activity.
    To identify users who took a full copy of the database, see the log.nsf and look at user activity with lots of read activity