CyVectors FileAuditAgent – File Activity & Ransomware Detection

Problem: Ransomware and insider file abuse can spread silently; traditional AV often misses subtle file operation sequences.

 

• Solution: FileAuditAgent monitors file system events and security logs, detects suspicious sequences (read → write → rename), and flags mass delete/write bursts.

 

• Why Different: Provides ONNX -powered anomaly scoring, registry - driven tuning, summary aggregation windows, and JSON syslog export, designed to surface ransomware -like patterns in real time.

 

• Syslog Output Fields: Timestamp, Sitename, Host, Service, EventType (Created/Changed/Deleted/Renamed), User, FilePath, Extension, Directory, Top Users, Top Extensions, Top Directories, Annotations.

​

Host Resource Requirements

• CPU: < 1%

• Memory(RAM)  < 50MB

• Disk: < 1MB per day log writes

• Network: < 1KB/s syslog traffic