SMB Monitoring (Linux Only)

SMB share monitoring is disabled by default and can be enabled manually, though its stability and performance are not guaranteed.

This feature is exclusive to Linux and currently supports only SMB 4.10, as used by RedHat Enterprise Linux 7. It is not compatible with later versions of SMB.

To use SMB share monitoring, you need a pre-configured Samba instance and rsyslog forwarding. The GuardMode Agent can then analyze data from SMB share logs redirected by rsyslog.

PreviousSecurity Incident Detection NextEvent Reports