Event Details
User Activity->Object Access->File System Object Access->InTrust Plug-in for File Access->File Object Access->EventID 770 - File read.
EventID 770 - File read.
 Sample: 
Event Type:     SuccessAudit
Event Source:   Quest File Access Audit Source
Event Category: Local Access
Event ID:       770
Date:           10/28/2009
Time:           09:02:15
User:           RESEARCH\Alebovsky
Computer:       SERVER
Description:    
File read: 

	Primary User Name: ALebovsky 

	Primary User Domain: RESEARCH 

	Client User Name:  

	Client User Domain:  

	User Logon ID: (0x0,0x43A4F) 

	Process: C:\WINDOWS\explorer.exe 

	File Path: C:\documents\Compaign.doc 

	Data Read: 0x00000000 - 0x00000018 (24 Bytes) 

	Transaction ID:  

	Shadow Copy:
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Quest File Access Audit
Filtering Field Equals to Value
Category ITFA:Local Access
Source Quest File Access Audit Source
EventId 770
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 10.10.2000 19:00:00
Who Account or user name under which the activity occured. Primary User Name ALebovsky
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "File System Object Read" File System Object Read
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain -
WhereDomain -
Result Successful or Failed "Successful" Successful
Object Name File Path C:\documents\Compaign.doc
Object Type "File" File
Whom -
Access Type Category AttestationReview
Process Process C:\WINDOWS\explorer.exe
Shadow Copy Shadow Copy
Comments
You must be logged in to comment