Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner
474 views

XDAS taxonomy question

Hello,

Need some suggestions from the experts.

Which XDAS taxonomy should I apply to the following event from a NAS:

Message: CIFS client [username@domain] from
[CLIENTHOSTNAME(IP:192.168.0.4)] accessed the shared folder
[NAMEOFSHAREDFOLDER]


Thanks
-alekz
0 Likes
3 Replies
Highlighted
Absent Member.
Absent Member.

Hi Alekz,

On 17.12.2015 16:15, alekz wrote:
> Hello,
>
> Need some suggestions from the experts.
>
> Which XDAS taxonomy should I apply to the following event from a NAS:
>
> Message: CIFS client [username@domain] from
> [CLIENTHOSTNAME(IP:192.168.0.4)] accessed the shared folder
> [NAMEOFSHAREDFOLDER]


What did actually happen when NAS reports that a client "accessed a
shared folder"? Is this the first message when the client connects to
this share? Did the client read any file in the folder? Did the client
enumerate all files in the folder?

--
Norbert
0 Likes
Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Hello,

When the client connects to the NAS using for example Windows Explorer,
going to \\nas and successfully opens a share that message is logged.

The client did enumerate all files in the folder.

Interesting there is nothing logged when initially browsing to \\nas and
entering the username and password, doesn't matter if it correct or
incorrect. Only that message is logged *every* time the share is opened.



On 2015-12-17 17:48, Norbert Klasen wrote:
> Hi Alekz,
>
> On 17.12.2015 16:15, alekz wrote:
>> Hello,
>>
>> Need some suggestions from the experts.
>>
>> Which XDAS taxonomy should I apply to the following event from a NAS:
>>
>> Message: CIFS client [username@domain] from
>> [CLIENTHOSTNAME(IP:192.168.0.4)] accessed the shared folder
>> [NAMEOFSHAREDFOLDER]

>
> What did actually happen when NAS reports that a client "accessed a
> shared folder"? Is this the first message when the client connects to
> this share? Did the client read any file in the folder? Did the client
> enumerate all files in the folder?
>

0 Likes
Highlighted
Absent Member.
Absent Member.


alekz;263585 Wrote:
> Hello,
>
> When the client connects to the NAS using for example Windows Explorer,
> going to \\nas and successfully opens a share that message is logged.
>
> The client did enumerate all files in the folder.
>
> Interesting there is nothing logged when initially browsing to \\nas
> and
> entering the username and password, doesn't matter if it correct or
> incorrect. Only that message is logged *every* time the share is
> opened.
>
>
>
> On 2015-12-17 17:48, Norbert Klasen wrote:
> > Hi Alekz,
> >
> > On 17.12.2015 16:15, alekz wrote:
> >> Hello,
> >>
> >> Need some suggestions from the experts.
> >>
> >> Which XDAS taxonomy should I apply to the following event from a

> NAS:
> >>
> >> Message: CIFS client [username@domain] from
> >> [CLIENTHOSTNAME(IP:192.168.0.4)] accessed the shared folder
> >> [NAMEOFSHAREDFOLDER]

> >
> > What did actually happen when NAS reports that a client "accessed a
> > shared folder"? Is this the first message when the client connects to
> > this share? Did the client read any file in the folder? Did the

> client
> > enumerate all files in the folder?
> >


In this particular context, the folder would be a 'data item' - it's an
object that has an operation against it. It's technically also a
container, but in this case that's less relevant. It's being queried.

So it would be XDAS_AE_QUERY_DATA_ITEM_CONTENTS.

The folder would be the data name, the parent of the folder would be the
namespace, and so on. I would also set the TargetResourceType (or
TargetNewResourceType if you have an older SDK) to 'Folder' so it's
clear what type of data item we are dealing with.


--
brandon.langley
------------------------------------------------------------------------
brandon.langley's Profile: https://forums.netiq.com/member.php?userid=350
View this thread: https://forums.netiq.com/showthread.php?t=54954

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.