I'd like to build a search targeting media transfers and add it to my dashboard.
Using the index of the security logs, I'd like to pick up all users create data transfers like CD burns, USB access, etc.
My client, requires data transfer accounts to have a specific suffix such as "-xxx".
What's the best search for these requirements?
Can you share some sample (anonymised) events and the search / report you have already tried?