We finally went with LogRhythm for event log and CIFS log reporting. Does this nicely without an agent, etc.
However, nothing I can find can do Real Time File Integrity Monitoring (FIM) without doing away with NetApp CIFS and migrating the file shares from the NetApp to a Windows front-end Server.
Here is some info on File Integrity Monitoring (FIM):
1. Alerts on any file or folder additions, deletions, modifications, or reads.
2. Can alert on a variety of malicious behaviors, from improper user access of confidential files to botnet-related breaches and transmittal of sensitive data.
3. Meets PCI DSS compliance for sections 11.5* and 12.9 – specifically addresses 35 specific mandates of PCI DSS 1.2.
4. Provides a complete set of forensic data for rapidly identifying the root cause of security breaches.
*11.5 mandates that we deploy file integrity monitoring to alert personnel to unauthorized modifications of critical system or content files, and perform file comparisons at least weekly or more frequently.