HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status No Plans to Implement
Workspace Domino
Categories Security
Created by Guest
Created on Nov 22, 2019

Log Copy on Database

Information in the Domino Log database when someone has created a local copy of a database.

 

  • Guest
    Jul 4, 2024

    Check out https://extracomm.com/securtrac. SecurTrac has the capability to detect bulk actions. For example, if a user tries to replicate or copy a database to a local machine, this action would trigger many document reads in a short period of time. In such a case, SecurTrac's bulk action detection feature would be triggered and send a notification to the security officer. This allows administrators to be alerted to and investigate any suspicious bulk activities that could indicate potential data breaches or other security concerns.

  • Admin
    Thomas Hampel
    Jan 13, 2020

    Yes, but that's not the point. The log.nsf provides an indication of who was reading many documents in a short period of time. This is not a guarantee but an indication of suspicious behaviour. An agent would most likely not read all documents (except for poorly written agents), and scheduled agents would not run with the user's identity. So if there was read activity, it is a user who pulled a new local replica. You can of course set the ACL flag to disable replication or copy activities to limit exposure.
    However, what you are looking for is behaviour analysis, which is provided by SIEM solutions like QRadar.

  • Guest
    Dec 20, 2019

    Have you ever used that db? Besides, information in one place like log.nsf or console.log files is in many organizations kept for a while. Information about who read documents and counting them could be misleading, i.e. an agent which is going through multiple documents on behalf of the signer. So in the end you cannot be sure if the database was copied or not. Information about a copied database could be used as Data Leak Prevention. Currently administrators do not have any idea if someone copied a database or not. Additionally, the admins have to have a suspicion that someone did that and then run the db analysis tool. And there is another problem, that you need to keep activity logs for all dbs... A simple entry in the console would be so simple and would be enough... After that you have the necessary information in your console log, and you can create an event handler to react when someone tries to copy a db...

  • Admin
    Thomas Hampel
    Dec 19, 2019

    Unlikely to be implemented because to the server it is the same as DB read activity.
    To identify users who took a full copy of the database, see the log.nsf and look at user activity with lots of read activity.
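
The check discussed in this thread (a user reading most of a database's documents in a short period, with agent signer activity set aside), sketched as an added example that is not part of any post here and is not HCL or SecurTrac code. It assumes activity records have been exported from log.nsf to a CSV with hypothetical columns, that per-database document counts are known, and that agent signer identities are listed; all sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: user-activity records as they might be exported from
# log.nsf to CSV. The column layout is an assumption, not a Domino format.
SAMPLE_EXPORT = """\
time,user,database,reads,writes
2019-11-22T09:00:05,CN=Alice Example/O=Acme,crm.nsf,12,3
2019-11-22T09:14:40,CN=Bob Example/O=Acme,crm.nsf,2400,0
2019-11-22T09:16:10,CN=Bob Example/O=Acme,crm.nsf,2550,0
2019-11-22T09:30:00,CN=Agent Signer/O=Acme,crm.nsf,5000,120
2019-11-22T11:00:00,CN=Carol Example/O=Acme,crm.nsf,900,0
2019-11-22T15:00:00,CN=Carol Example/O=Acme,crm.nsf,950,0
"""

DOC_COUNTS = {"crm.nsf": 5000}              # assumed known per database
AGENT_SIGNERS = {"CN=Agent Signer/O=Acme"}  # identities that sign agents

def find_bulk_reads(export_text, doc_counts, signers=frozenset(),
                    window=timedelta(minutes=10), ratio=0.9):
    """Return (user, database, reads) where reads within `window` cover at
    least `ratio` of the database's documents. An indication, not proof."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["user"] in signers or row["database"] not in doc_counts:
            continue  # signer reads are expected; unknown size can't be judged
        when = datetime.fromisoformat(row["time"])
        events[(row["user"], row["database"])].append((when, int(row["reads"])))

    alerts = []
    for (user, db), items in sorted(events.items()):
        items.sort()
        start, total, peak = 0, 0, 0
        for when, reads in items:           # sliding window over sorted events
            total += reads
            while when - items[start][0] > window:
                total -= items[start][1]
                start += 1
            peak = max(peak, total)
        if peak >= ratio * doc_counts[db]:
            alerts.append((user, db, peak))
    return alerts

if __name__ == "__main__":
    for user, db, reads in find_bulk_reads(SAMPLE_EXPORT, DOC_COUNTS, AGENT_SIGNERS):
        print(f"possible local copy: {user} read {reads} docs of {db}")
```

Carol's two sessions are hours apart and never reach the threshold inside one window, while Bob's two sessions within ten minutes do; the signer list is what keeps the agent's 5000 reads from raising the same alert.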