dasdguy
2 Bronze

Using tripwire to monitor changes to ACLs for a CIFS share on a VNX?

Hello.  Our security folks asked if there is a way to use Tripwire to monitor for changes to the ACLs for a CIFS share on a VNX.  I explained to them that they can't install tripwire on the VNX, but they were wondering if there was a different method to achieve the same result.  Has anyone set up a security monitor for permission changes to CIFS shares?  Thanks.
  

Tags (1)
0 Kudos
2 Replies
dynamox
6 Thallium

Re: Using tripwire to monitor changes to ACLs for a CIFS share on a VNX?

We enabled auditing on data mover and then specified what kind of audit events we want to capture. One of our user wrote a java app to scrape the audit log from the CIFS server and archive it to another location.  When we moved to Isilon we purchased Varonis, it supports VNX as well.

0 Kudos
Highlighted
dasdguy
2 Bronze

Re: Using tripwire to monitor changes to ACLs for a CIFS share on a VNX?

Dynamox:

Great, I'll see if they want to go that route.  Thanks.