SMB monitoring (Linux)
This is an early access feature.
It is disabled by default. It can be turned on manually but there is no guarantee as to its stability or performance.
Linux-only functionality
SMB share monitoring is only supported on Linux OS.
Distribution-specific functionality
Currently, SMB share monitoring only works with SMB 4.10 and is incompatible with later versions. This version is used by Red Hat Enterprise Linux 7.
SMB share monitoring can be optionally enabled with a pre-configured Samba instance and rsyslog
forwarding. Guard Mode Agent can listen to notifications re-routed from SMB share logs by rsyslog
and use them as a data source for further analysis.