GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.
Requirements
Linux operating system
SMB client version 4.10 or earlier
Pre-configured Samba instance
Configured rsyslog forwarding
Configuration
The feature is disabled by default. To enable SMB share monitoring:
Configure rsyslog to forward Samba logs to GuardMode Agent
