Hi folks,
I'm collecting all security events of one shared folder on a file server (Windows Server 2008 R2) with SCOM (System Center Operations Manager). SCOM stores all security events in a SQL database. The challenge here is to create logic that combines events to track the operations (delete file\folder, rename file\folder, move file\folder). I'm having difficulty building the logic for the rename file\folder operation. When I rename one folder, all the security events below are generated:
I think this operation (rename folder) consists of one "DELETE" followed by one "AppendData", and with this logic I can show that the folder named "Subfolder 6" was renamed, but I can't show what the new name of the folder is (the new name is Subfolder 7), and I need to track this. The same occurs with the rename file operation. When we rename a file we have one "DELETE" followed by one "WriteData", and I can show that the specific file changed its name but can't show what the new name of the file is. Can anybody help me with this?
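
The correlation described in the post, as an added example that is not part of the original post: it pairs a "DELETE" with a following "AppendData" (folder) or "WriteData" (file) by the same user within a short window. The row fields, the sample events, the 2-second window and the assumption that the follow-up event is logged on the parent folder are constructed for illustration and are not SCOM's schema.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed sample rows, shaped like audit events read from the SQL database.
# Field names (time, user, object, access) are assumptions, not SCOM's schema.
EVENTS = [
    {"time": "2013-01-10 09:15:02", "user": "CORP\\alice", "object": r"D:\Share\Subfolder 6", "access": "DELETE"},
    {"time": "2013-01-10 09:15:02", "user": "CORP\\alice", "object": r"D:\Share", "access": "AppendData"},
    {"time": "2013-01-10 09:20:40", "user": "CORP\\bob", "object": r"D:\Share\report.txt", "access": "DELETE"},
    {"time": "2013-01-10 09:20:41", "user": "CORP\\bob", "object": r"D:\Share", "access": "WriteData"},
    {"time": "2013-01-10 09:31:00", "user": "CORP\\bob", "object": r"D:\Share\old.log", "access": "DELETE"},
]

# Access seen after the DELETE decides what kind of object was renamed (per the post).
FOLLOW_UP = {"AppendData": "folder", "WriteData": "file"}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_renames(events, window=timedelta(seconds=2)):
    """Pair each DELETE with the next matching follow-up event by the same user."""
    events = sorted(events, key=lambda e: parse(e["time"]))  # stable sort keeps log order
    used, renames = set(), []
    for i, ev in enumerate(events):
        if ev["access"] != "DELETE":
            continue
        parent = ntpath.dirname(ev["object"]).lower()
        for j in range(i + 1, len(events)):
            nxt = events[j]
            if parse(nxt["time"]) - parse(ev["time"]) > window:
                break  # too late to belong to the same operation
            # Assumption: the follow-up is logged on the parent folder of the old path.
            if (j not in used and nxt["user"] == ev["user"]
                    and nxt["access"] in FOLLOW_UP
                    and nxt["object"].lower() == parent):
                used.add(j)
                renames.append({
                    "kind": FOLLOW_UP[nxt["access"]],
                    "old_name": ev["object"],
                    "user": ev["user"],
                    "time": ev["time"],
                    "new_name": None,  # not present in these events, as the post notes
                })
                break
    return renames

if __name__ == "__main__":
    for r in find_renames(EVENTS):
        print(r)
```

A "DELETE" with no follow-up inside the window (the last sample row) is left out of the result, so it can be treated as a plain delete candidate instead.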