We’re running Auditor 10.8 and I’m running into an issue with something that seems like it should be straight-forward.
I put a monitoring rule together to watch for permissions changes to user directories on the File Server. The monitoring works - but it’s going too far.
Despite having the “Include Subfolders” drop-down set to “No” the alert emails I’m getting are giving me a readout of every subfolder inside the user’s folder when permissions are changed at the top-level of the user’s folder.
For example, the monitor is watching \\fileserver\users$
I’ve got three users in there: Bob, Jill, Don
I grant myself access to Bob’s folder.
Netwrix is sending me alerts for every folder inside Bob’s folder, with “Include Subfolders” set to “No”
Team Email: \\fileserver\users\Bob\ConfidentialProject permission change by AdminUser
Team Email: \\fileserver\users\Bob\BudgetPlanning permission change by AdminUser
Team Email: \\fileserver\users\Bob\MyBossHatesMe permission change by AdminUser
It’s suboptimal to see the folder names inside the user’s folder when all I wanted was to know if someone was enabling access to anyone’s personal folders. I really don’t want a dozen alerts for a dozen folders inside Bob’s folder, exposing all of the names Bob is using. I just want a single email: \\fileserver\users\Bob permission change by AdminUser
Is there a way to achieve that?