Hello,

Newb here trying to get up to speed...

I need to create dashboards that will allow me to perform the audit events listed in the JSIG:

1. Authentication events:
    (1) Logons (Success/Failure)
    (2) Logoffs (Success)
2. Security Relevant File and Objects events:
    (1) Create (Success/Failure)
    (2) Access (Success/Failure)
    (3) Delete (Success/Failure)
    (4) Modify (Success/Failure)
    (5) Permission Modification (Success/Failure)
    (6) Ownership Modification (Success/Failure)
3. Export/Writes/downloads to devices/digital media (e.g., CD/DVD, USB, SD) (Success/Failure)
4. Import/Uploads from devices/digital media (e.g., CD/DVD, USB, SD) (Success/Failure)
5. User and Group Management events:
    (1) User add, delete, modify, disable, lock (Success/Failure)
    (2) Group/Role add, delete, modify (Success/Failure)
6. Use of Privileged/Special Rights events:
    (1) Security or audit policy changes (Success/Failure)
    (2) Configuration changes (Success/Failure)
7. Admin or root-level access (Success/Failure)
8. Privilege/Role escalation (Success/Failure)
9. Audit and security relevant log data accesses (Success/Failure)
10. System reboot, restart and shutdown (Success/Failure)
11. Print to a device (Success/Failure)
12. Print to a file (e.g., pdf format) (Success/Failure)
13. Application (e.g., Adobe, Firefox, MS Office Suite) initialization

Are there templated Splunk search commands for these? And if so, could you point me to them? Many thanks!