Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

File server user audit logs vs. Enterprise Security

ikulcsar
Communicator
‎05-14-2018 04:34 AM

Hi there!

We are receiving logs from a NetApp file server about what user access, etc. Log format very similar/same as the Windows Events in XML. (So parsing looks good) We also have Enterprise Security license.

So far I didn't find what can ES do with these logs, one tip is to try to use Change Adult/Endpoint changes/Filesystem changes Data Model.

So does anybody have an experience on this topic, what should I do with this logs?

Regards,
István

0 Karma
Reply
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...