My company is in a very specialised industry with very few big players and very few new developments. As a result, any activity to make new products/services is extremely valuable information. My company is therefore understandably very concerned about data security.
In the past, confidential documents have found their way out of the company and into the hands of competitors, enabling them to use our new product ideas and try to get a similar product to market, or find some other way to steal our thunder when it is released. Other times, sensitive customer information has been taken and distributed to the customer in an attempt to show that we do not properly protect sensitive customer information and therefore cannot be trusted/are incompetent etc.
So we needed a way to track who has accessed certain documents and discussions on JIRA, so that if such an incident occurs again, we can have some way to find out who did it, or at least narrow the options.
The things we wanted to achieve were:
- be able to see who accessed Document-A between date X and Y.
- have the system send an alarm email when a user downloads >50 binary files in 30 mins.
The solution we came up with was to use Sawmill, which is a log analysis tool. You install it on the web server and it parses log files regularly, updates its own database, and presents the information to you via a web interface. You can set up various filters for the report information, and also set up email alarms such as the one above. It was quite cheap and works well for our needs. Probably there are other solutions, but this was the best I could find at the time.
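The two requirements above, sketched as an added example (not Sawmill's configuration and not code from the original post). It assumes the web server writes Common Log Format lines with the authenticated username in the user field and that "binary" is decided by a file-extension list; the function names, paths and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
BINARY_EXT = (".pdf", ".doc", ".docx", ".xls", ".zip")  # assumed extension list

def parse(lines):
    """Yield (time, user, path) for successful GETs; skip malformed lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4) != "GET" or m.group(6) != "200":
            continue
        ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m.group(2), m.group(5)

def who_accessed(entries, path, start, end):
    """Users who fetched `path` with start <= time <= end."""
    return sorted({u for ts, u, p in entries if p == path and start <= ts <= end})

def bulk_downloaders(entries, limit=50, window=timedelta(minutes=30)):
    """Map user -> time their binary downloads first exceeded `limit`
    within a sliding `window`."""
    recent, alerts = defaultdict(deque), {}
    for ts, user, path in sorted(entries):
        # Ignore unauthenticated hits and non-binary paths (query string stripped).
        if user == "-" or not path.lower().split("?")[0].endswith(BINARY_EXT):
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) > limit and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_log():
    """Constructed log: alice pulls 51 attachments in 25 minutes, bob pulls one."""
    fmt = '10.0.0.{} - {} [12/Mar/2024:{:02d}:{:02d}:00 +0000] "GET {} HTTP/1.1" 200 512'
    lines = [fmt.format(5, "alice", 9, i // 2, f"/files/{i}/spec.pdf") for i in range(51)]
    lines.append(fmt.format(7, "bob", 10, 15, "/files/Document-A.pdf"))
    return lines + ["not a log line"]
```

Materialise the parsed entries once with `list(parse(...))` so both queries can run over the same data; the alert time returned by `bulk_downloaders` is the point at which an email alarm would fire.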
I tried to use Sawmill for some other log analysis such as for my website, and for the SMTP mail server but it didn't work particularly well and I gave up on it without trying too much. I use Google Analytics anyway for the website which is great, and I just look through the mail logs manually for now.