Creating file activity policies for network-attached storage (NAS) devices

Use the Policy Builder for Files to set up file activity monitoring for NAS devices. You can configure multiple monitored hosts on the same server. Each monitored host can have its own policy configuration by using a distinct datasource.

About this task

After you establish a connection between your monitoring agent and the Guardium system, you can configure FAM for NAS by using the Policy Builder for Files.
Note: You can no longer configure FAM for NAS using the configuration app. Any manual change to the configuration file triggers an alert.

Procedure

  1. Go to Protect > Security Policies > Policy Builder for Files.
  2. Click Create new policy to create a new policy.
  3. To enter the type of policy, click the drop-down box and select Network Attached Storage.
  4. Enter a name for the new policy. The policy can be saved after a rule is defined.
  5. To add existing rules to the policy:
    1. Click Show Templates. The Rule Templates table opens.
    2. Optionally filter the list with the filter function.
    3. Select one or more rules and click Move
  6. To create a new rule:
    1. Click create new rule to open the Create New Rule window.
    2. Name the rule, and click Next.
    3. Specify a datasource manually, by selecting from a list of datasources, or by selecting a group of datasources and click Next.
  7. Define rule criteria by including or excluding file paths, excluding accounts, or file extensions.
  8. Select the Specify action for specific operation or group checkbox to specify the operations that require monitoring, and the appropriate rule action. If the check box is not selected, all operations are monitored by default.
    Note: The operations that are selected override the settings on the configuration app of the monitoring agent.
  9. To configure an existing rule:
    1. Click Edit rule to change the name, modify the other attributes as relevant, and click Save.
    2. Delete a rule by selecting it and clicking Delete rule.
  10. Click Save to save the policy, or Save and Install to install the policy immediately. For more information, see Using the Policy Installation tool.
    Attention:

    In Guardium® v11.2 and later, NAS datasources appear in the following format: <The name of the server where the agent is installed>:<the monitored host>_<type of NAS device>:FAM-NAS.

    When FAM for NAS is upgraded to v11.2 or later, the existing policies that are installed on v11.0 or v11.1 do not work due to the change in the datasource format. To resolve this issue, update the name of the NAS datasource, save, and reinstall the policy.