Data Fence: Feed Your SIEM

While Data Fence has been designed to be a personal security tool, it can also be part of your enterprise's security monitoring system. You can have Data Fence start automatically at login, begin analyzing live audit data right away, and send its alerts to syslog, which forwards them to your enterprise's Security Information and Event Management (SIEM) system.

Data Fence: Packages for Useful Auditing and Live Analysis

When you install Data Fence, it is ready to analyze BSM audit files. But how do you configure your Mac to generate useful audit data? And how can you analyze live audit data? This video walks you through downloading and installing a couple of extra packages from our web site.

Data Fence: Least Privilege, False Positives, and Resolution

Data Fence applies the "Principle of Least Privilege" to data. This means we want to allow only the minimum set of programs necessary to access a particular data file. Any program outside that minimum set that tries to access the data gets flagged. A potential problem with this least privilege approach is that you might get false alarms, also known as false positives. Fortunately, a false positive takes about 10 seconds to resolve.

This video shows an example of a false positive and how to quickly fix it.

Data Fence: First Data Set

If you've recently installed Data Fence and want to jump right in using it, we suggest you download a sample audit file and open it up.

This video shows you how to get to our sample data web page from Data Fence's menu, download a file, and analyze it. The data set downloaded will be used in several tutorials. In this video, we just want to help you read your first data file.

NOTE: The sample audit data may still be compressed after you have downloaded it (the filename will still end with ".gz" and the file icon will have a zipper). If so, just double-click it to decompress it.

Welcome to Data Fence

This is where news about Data Fence will be posted. New web tutorials. New fence rules. New tips and tricks. They will all be posted here.