Computer networks

How and with what to monitor and block user actions on the file server?

There is a file server (network drive, plans to move to a full-fledged server) it stores files in PDF, TIF, CDR, JPEG, PSD format (vector and bitmap images). Suppose several thousand unique files + "preview" auxiliary files. Most files weigh on average up to 30-40 megabytes, the maximum size is 250-300 megabytes (there are not many of them).
200 workstations are connected to this server (users see the data as a "network drive" in Windows). The workstations are geographically distant from each other and are connected through the ISP's VPN tunnel. The channel width is 10 megabits.
During normal operation, the user can use several files (download to his computer) per day or not use at all. It is unlikely, but possible, that the user will need to simultaneously download 2-3 files to his workstation at a time. The time of work with one file, as a rule, is not less than 10 minutes.
The task is to automatically block access to files for a user whose actions differ from the pattern that I described above (for example, the user tries to download 10 files at once or more). Or it downloads 1 file every 15 minutes all day).
You need a real-time notification, in case of blocking, by e-mail, and preferably by SMS, to one or more people.
It is also necessary to look at statistics - who, what files used (namely, downloaded), for specified periods of time and with what frequency.
I have been looking for options for a ready-made software solution, but so far without success. The only thing that I managed to find more or less effective is the Varonis system, but their price tag is too high.