Monitoring NetApp NTFS permissions with native tools
One way to track changes to NTFS permissions and find out who has access to what on your NetApp filers is to enable NetApp auditing with the built-in tools. Here are the steps you’ll need to take:
- Determine which event IDs that you want to monitor. In this case, these events will be changes to permissions, access to shares and so on.
- Configure the CIFS system access control lists.
- Configure auditing settings to meet your auditing needs.
- Manage the audit log that will be generated. Since the reports are not easy to read and look more like a mountain of raw data, be ready to spend time massaging the data into a comprehensible format. And accept that you simply can’t get real-time alerts about critical changes or access events without scripting.
Alternatively, there is a much simpler way to find out what’s going on with permissions on your NetApp filers.
Simplifying NetApp CIFS share and NTFS permissions and access auditing with Netwrix Auditor
Netwrix Auditor for NetApp streamlines permissions auditing by providing complete visibility into who has access to which files or folders and all changes to those permissions. It also keeps you abreast of all activity across your NetApp filers, such as changes to files, folders and shares; successful and failed access attempts; and how your data is used. And the solution supports all the latest versions of clustered Data ONTAP operating systems.
With Netwrix Auditor at your fingertips, you can:
- Review effective permissions, see how data is used and identify data owners across your NetApp filers with file analysis reports.
- Identify and assess your vulnerabilities in key areas, such as permissions, data and user and computer accounts, so you can take the necessary steps to tackle these risks efficiently and effectively.
- Stay on top of all changes across your NetApp environment, including changes to CIFS share and NTFS permissions.
- Keep an eye on everything what’s going on by subscribing to comprehensive, detailed reports.
- Investigate suspicious changes or access events with the Google-like interactive search.
- Protect your critical information by instantly identifying insider threats, ransomware and other attacks with threshold-based alerts. For instance, you can create a threshold-based alert on multiple failed read attempts.
- Quickly identify risky users threatening the security of your data with Behavior Anomaly Discovery.
- Keep your NetApp security intelligence in a two-tiered (file-based + SQL Server database) storage for years for in-house security investigations and periodic audit checks.