Find who delete files and folders

Mr_Benett · ‎2020-01-24

Hello everyone,

I would like to know if it's possible to know who deleted a folder or a file with windows explorer (CIFS) on the NetApp.

Is it possible to watch this with logs or job history ?

Thank you !

SpindleNinja · ‎2020-01-24

Yep, you can audit CIFS/SMB events. Here's a good place to start.

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html

wareer · ‎2024-12-15

NAS file systems occupy an increased footprint in today's threat landscape, audit functions are critical to support visibility.

Security requires validation. ONTAP 9 provides increased auditing events and details across the solution. Because NAS file systems occupy an increased footprint in today's threat landscape, audit functions are critical to support visibility. Because of the improved audit capability in ONTAP 9, CIFS audit details are more plentiful than ever. Key details, including the following, are logged with events created:

File, folder, and share access
Files created, modified, or deleted
Successful file read access
Failed attempts to read or write files
Folder permission changes

Below are links to relevant official documents：https://docs.netapp.com/us-en/ontap/ontap-security-hardening/filesystem-auditing.html