Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How should we handle SQL Server audit data that reaches the wineventlog index?

danielbb
Motivator
‎08-28-2020 07:58 AM

For SQL Server audit information, we ended up sending the data to the wineventlog index as application events.

This data - EventCode=33205 should be visible only for the cyber/audit audience. How can we apply a different access to this data or should we route it to a different index? If so, how can we do it?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-28-2020 10:13 AM
The only way to apply different security to certain data is to put that data in a separate index.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...