Hello. Our security folks asked if there is a way to use Tripwire to monitor for changes to the ACLs for a CIFS share on a VNX. I explained to them that they can't install tripwire on the VNX, but they were wondering if there was a different method to achieve the same result. Has anyone set up a security monitor for permission changes to CIFS shares? Thanks.
We enabled auditing on data mover and then specified what kind of audit events we want to capture. One of our user wrote a java app to scrape the audit log from the CIFS server and archive it to another location. When we moved to Isilon we purchased Varonis, it supports VNX as well.