I am replying to an invitation to tender from a customer. They require a product that will be able to do deep packet inspection and extract SMB events relating to shares and files that are moved or deleted. They also want it to support directory services if possible so that it can report by username!
Oh and it needs to be able to do it at a full 10Gb and store historical data for a year.
I can't think of anything that can do this kind of thing. Sure, with a packet capture you could pick out the SMB messages, but storing 10Gb/s would involve thousands of terabytes of storage for a year's worth of data.
Any ideas on something that can do at least part of this? I was thinking about some kind of NetFlow analyser.