https://community.netapp.com/t5/ONTAP-Discussions/Capturing-unauthorized-access-attempts-Cifs/m-p/450186#M43107 <P>Hello Friends,&nbsp;</P><P>&nbsp;</P><P>My customer asked for a way to document all the attempts to open a folder/file that results in "access denied".&nbsp;</P><P>I assumed that enabling cifs audit will cover that but I saw the event types in the documentation and none of them seem to be relevant:&nbsp;</P><P><SPAN>[{file-ops|cifs-logon-logoff|cap-staging|file-share|authorization-policy-change|user-account|security-group|authorization-policy-change}]</SPAN></P><P>&nbsp;</P><P><SPAN>Any ideas what is the best way to capture these events?</SPAN></P><P>&nbsp;</P><P>Thank you!</P> Wed, 04 Jun 2025 09:42:23 GMT Tom_Zari 2025-06-04T09:42:23Z https://community.netapp.com/t5/ONTAP-Discussions/Capturing-unauthorized-access-attempts-Cifs/m-p/450186#M43107 <P>Hello Friends,&nbsp;</P><P>&nbsp;</P><P>My customer asked for a way to document all the attempts to open a folder/file that results in "access denied".&nbsp;</P><P>I assumed that enabling cifs audit will cover that but I saw the event types in the documentation and none of them seem to be relevant:&nbsp;</P><P><SPAN>[{file-ops|cifs-logon-logoff|cap-staging|file-share|authorization-policy-change|user-account|security-group|authorization-policy-change}]</SPAN></P><P>&nbsp;</P><P><SPAN>Any ideas what is the best way to capture these events?</SPAN></P><P>&nbsp;</P><P>Thank you!</P> Wed, 04 Jun 2025 09:42:23 GMT https://community.netapp.com/t5/ONTAP-Discussions/Capturing-unauthorized-access-attempts-Cifs/m-p/450186#M43107 Tom_Zari 2025-06-04T09:42:23Z