List of supported file operation and filter combinations that FPolicy can monitor for SMB

Contributors

When you configure your FPolicy event, you need to be aware that only certain combinations of file operations and filters are supported for monitoring SMB file access operations.

The list of supported file operation and filter combinations for FPolicy monitoring of SMB file access events is provided in the following table:

Supported file operations Supported filters

close

monitor-ads, offline-bit, close-with-modification, close-without-modification, close-with-read, exclude-directory

create

monitor-ads, offline-bit

create_dir

Currently no filter is supported for this file operation.

delete

monitor-ads, offline-bit

delete_dir

Currently no filter is supported for this file operation.

getattr

offline-bit, exclude-dir

open

monitor-ads, offline-bit, open-with-delete-intent, open-with-write-intent, exclude-dir

read

monitor-ads, offline-bit, first-read

write

monitor-ads, offline-bit, first-write, write-with-size-change

rename

monitor-ads, offline-bit

rename_dir

Currently no filter is supported for this file operation.

setattr

monitor-ads, offline-bit, setattr_with_owner_change, setattr_with_group_change, setattr_with_mode_change, setattr_with_sacl_change, setattr_with_dacl_change, setattr_with_modify_time_change, setattr_with_access_time_change, setattr_with_creation_time_change, setattr_with_size_change, setattr_with_allocation_size_change, exclude_directory