With multiple applications both cloud and on premise in use, I am looking for a toolset which can automate the manual process of downloading a block of system logs on a periodic basis and manually looking for anomalies. Ideally I would like system logs to be loaded and reporting generated for non compliant practices e.g. sharing passwords , using restricted websites etc ?.
As Sundareshr stated, Splunk would definitely be a great tool for loading and searching your data for password sharing occurrences, access to restricted sites, etc. There would need to be data within your logs that could indicate that information (if it's not there, Splunk isn't going to make the data occur for you) or there would need to be a pattern within an event or set of events that would infer the existence of a password share and/or access to a restricted site during a session/transaction.
Download the free instance or sign up for a free Cloud instance of Splunk and give it a try! 🙂
As long as the logs have something in them regarding sharing passwords and using restricted websites, yes Splunk would be a great tool to automate the manual process of downloading logs and look for anomalies.