Is there a process I can use with Splunk to pull audit logs on how, who, when, and where directories are being created on our file share servers?
Thank you.
Steve
If the audit logs are already on disk/exist, it's easy. If not, it sounds like you need to look at scripted inputs.
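The scripted-input route mentioned in the answer above, as an added example that is not part of the original thread: a polling script whose stdout Splunk would index, reporting directories that appeared since the previous run. It assumes a POSIX host with GNU stat; SHARE_ROOT, STATE_FILE and the event field names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot-and-diff poller for new directories.
# Assumptions: GNU stat, directory names without embedded newlines,
# and a state file stored outside the share being watched.

# emit_new_dirs SHARE_ROOT STATE_FILE
# Writes one key=value event per directory that is present now but was absent
# from the previous snapshot, then replaces the snapshot.
emit_new_dirs() {
    root=$1
    state=$2
    current="$state.tmp"

    # Snapshot every directory under the share. Byte-order sorting keeps the
    # list comparable with comm regardless of the host locale.
    find "$root" -mindepth 1 -type d | LC_ALL=C sort > "$current"

    # The first run only records a baseline, so existing directories are not
    # reported as newly created.
    if [ -f "$state" ]; then
        # comm -13 keeps lines that occur only in the new snapshot.
        LC_ALL=C comm -13 "$state" "$current" | while IFS= read -r dir; do
            # Skip directories removed between the scan and this read.
            [ -d "$dir" ] || continue
            printf '%s action=dir_created path="%s" owner=%s\n' \
                "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$dir" "$(stat -c %U "$dir")"
        done
    fi

    mv "$current" "$state"
}

# Run only when the hypothetical SHARE_ROOT variable is set, so the file can
# also be sourced for testing without side effects.
if [ -n "${SHARE_ROOT:-}" ]; then
    emit_new_dirs "$SHARE_ROOT" "${STATE_FILE:?set STATE_FILE to a writable path}"
fi
```

The owner field is the filesystem owner at poll time, so it does not prove who created the directory. The "who" and "how" in the question have to come from the operating system's own audit log.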