Monitoring USB Ports with Safed

Posted by on Jul 3, 2014 in EriZone & OTRS, Uncategorized | 0 comments

Sometimes, especially for security reasons, it is important to know if the USB ports of a server have been used and what kind of operation has been carried out. Well, with the new version 1.7.0 of the Safed agent it is possible to monitor the USB ports for Windows Vista 2008 and later versions. Now the agent is able to receive WMI event notifications concerning the target instance “Win32_PnPEntity”. All events of classes “__InstanceCreationEvent”, “__InstanceDeletionEvent” and “__InstanceModificationEvent” will be intercepted, filtered (using the usual Safed objective filters) and sent to the syslog collector for further analysis, correlation with other events and storing.

Read More