I am attempting to create a search in Splunk that will provide me with any and all changes an admin made to our firewalls. This is part of a "governance" task and we have logs coming from the FWs. Any pointers will be appreciated.
@ITWhisperer I'm sitting down with the people that configured Splunk for this network. I cant even get basic logs to pull-up via a simple search. Might be a configuration issue. I will get back to you once I have some logs to work with.