File Delete and Renames



#### Bundle Details and Download

This bundle provides quick and simple visibility into file renames and deletions by analyzing the SMB/CIFS network protocol (a file sharing protocol).


Is this friendly with SMB v3? I have had issues with SMB 3 working due to the change in how the traffic comes across.


Not certain. The trigger is not looking for version, just deletes and renames.

I don’t believe we natively identify SMBv3 today, I see EX-20783 still open. Once that’s in place, we can modify to look for versions of renames/deletes.


OK, thank you for the update.


So, doing some investigation, it seems that this trigger does not work well with SMBv2 either, since a delete and rename is handled differently in SMBv2. It appears SMBv2 does a Set Info with a subcommand of File Disposition Info, and then finally a delete on close. At least this is what I am seeing so far. Still trying to figure out how to parse all that.
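
The SMB2 sequence described in the post above, as an added example that is not part of the original thread and is not the bundle's trigger code: a Node.js classifier that reads a raw SMB2 request and reports a delete (SET_INFO with FileDispositionInformation), a rename (SET_INFO with FileRenameInformation), or a CREATE carrying the delete-on-close option. The names `classifySmb2` and `buildSetInfo` are hypothetical, the sample bytes are constructed, and it assumes one unencrypted, non-compounded request per buffer.

```javascript
// Added example: classify SMB2 requests that delete or rename a file.
// Field offsets follow the MS-SMB2 request layouts; test bytes are constructed.
const SMB2_CREATE = 0x0005, SMB2_SET_INFO = 0x0011;
const INFO_FILE = 0x01;                  // SMB2_0_INFO_FILE
const FILE_RENAME_INFO = 10;             // FileRenameInformation
const FILE_DISPOSITION_INFO = 13;        // FileDispositionInformation
const FILE_DELETE_ON_CLOSE = 0x00001000; // CreateOptions bit
const HDR = 64;                          // fixed SMB2 header size

function classifySmb2(buf) {
  // ProtocolId must be 0xFE 'S' 'M' 'B'; anything else is not a plain SMB2 message.
  if (buf.length < HDR || buf.readUInt32BE(0) !== 0xfe534d42) return null;
  if (buf.readUInt32LE(16) & 0x1) return null;        // SERVER_TO_REDIR: a response
  const command = buf.readUInt16LE(12);
  if (command === SMB2_CREATE) {
    if (buf.length < HDR + 44) return null;           // truncated before CreateOptions
    const opts = buf.readUInt32LE(HDR + 40);
    return (opts & FILE_DELETE_ON_CLOSE) ? { action: 'delete-on-close' } : null;
  }
  if (command !== SMB2_SET_INFO || buf.length < HDR + 32) return null;
  if (buf.readUInt8(HDR + 2) !== INFO_FILE) return null;
  const infoClass = buf.readUInt8(HDR + 3);
  const len = buf.readUInt32LE(HDR + 4);              // BufferLength
  const off = buf.readUInt16LE(HDR + 8);              // BufferOffset, from header start
  if (off < HDR + 32 || off + len > buf.length) return null; // truncated or bogus
  const data = buf.subarray(off, off + len);
  if (infoClass === FILE_DISPOSITION_INFO && len >= 1) {
    return data[0] ? { action: 'delete' } : null;     // DeletePending flag
  }
  if (infoClass === FILE_RENAME_INFO && len >= 20) {
    const nameLen = data.readUInt32LE(16);            // FileNameLength, in bytes
    if (20 + nameLen > len) return null;
    return { action: 'rename', newName: data.toString('utf16le', 20, 20 + nameLen) };
  }
  return null;
}

// Build a constructed SET_INFO request around the given info-class payload.
function buildSetInfo(infoClass, payload) {
  const b = Buffer.alloc(HDR + 32 + payload.length);
  b.writeUInt32BE(0xfe534d42, 0);
  b.writeUInt16LE(64, 4);                             // header StructureSize
  b.writeUInt16LE(SMB2_SET_INFO, 12);
  b.writeUInt16LE(33, HDR);                           // SET_INFO StructureSize
  b.writeUInt8(INFO_FILE, HDR + 2);
  b.writeUInt8(infoClass, HDR + 3);
  b.writeUInt32LE(payload.length, HDR + 4);
  b.writeUInt16LE(HDR + 32, HDR + 8);
  payload.copy(b, HDR + 32);
  return b;
}
```

A message wrapped in the SMB3 transform header (encrypted traffic) starts with a different protocol ID, so this classifier returns `null` for it rather than guessing.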


Please upgrade to 7.2.4+ to correct an issue with some SMB2+ metric counts. You can read more in the release notes here.


I have, and that fixed the problem except when it is a Windows 10 machine to Windows 2012 or above. I just moved to 7.3 and will try to validate if this is still a problem.