Only properly configured shares on SFS are allowed to store high-risk data. These configurations include a separate volume as a secure transfer location for audit reports. SFS adds auditing to all SMB shares. Share owners may request audit log reports as needed. (As of Fall of 2022, share owners no longer have to perform any auditing configuration.)

Auditing is enabled for all SMB shares provisioned by SFS, but is only required on high-risk (formerly L1 or confidential) or HIPAA configurations.

The following activity is captured in the audit logs and retained for 1 year.

• The time an entity was accessed, including the year, month, day, and time of the last access.
• The activity the user performed. Supported types are:
  • Change Group Ownership - Group Ownership is if file or folder is changed.
  • Change Owner - Ownership of file or folder is changed to another user.
  • Change Permission - File or folder permission is changed.
  • Create - Create file or folder.
  • Delete - Delete file or folder. If a folder is deleted, deleted events are obtained for all the files in that folder and subfolders.
  • Read - File is read.
  • Read Metadata - Only on enabling folder monitoring option. Will be generated on opening a folder on Windows or Running “ls” inside a folder in Linux.
  • Rename - Rename file or folder.
  • Write - Data is written to a file.
  • Write Metadata - File metadata is written, for example, permission changed.
  • Other Change - Any other events which are not described above. All unmapped events are mapped to “Other Change” activity type. Applicable to files and folders.