SMB Auditing

Hello James Karch,

There is no documentation for forwarding Unity NAS SMB to QRadar for auditing. Here is the link to the Dell Unity Family Security Configuration Guide, and if you look on page 26 it talks about remote logging.

https://dell.to/3S0nQNZ

are you sure this is supported in QRadar ? Is this the type of thing you are looking to do ? https://www.varonis.com/integrations/dell-emc

see https://www.dell.com/support/kbdoc/en-us/000019572/unity-dell-emc-unity-cee-cepa-user-correctable?lang=en

Hello James , exactly i have the same problem so noboy replies it correctly as far as i can see.  But i did a lot of work on this problem and as i find out you need to install CEE to a server  than you also need to install the Qradar agent  eg.  Wincollect to the same CEE server than you may change some registery settings to enable it to forward the logs to wincollect agent.     I find those 2 links for 2 different products and its showing exactly how to do this but for the qradar wincollect agent  , i couldnt find the endpoint name to use at registery to enable it.  So if you can find any way to solve it please can you share with me ?  

On the other hand there is syslog logging which you may find under settings at unity management tab for remote logging  , but i am not sure if it will show nas server file change audits or not..  

1 -https://helpcenter.netwrix.com/bundle/StealthAUDIT_11.5/page/Content/Configuration/EMC_Unity_Config/Activity_Monitor_Configuration.htm

2 - https://community.sailpoint.com/mpomh84452/attachments/mpomh84452/SIQ_docs/363/3/Integrating%20EMC%C2%A0Unity%20CIFS%20with%20File%20Access%20Manager.pdf

@geometry dash scratch Thanks for sharing. It's useful for me.