The most recent content from our members.
We use Orion to manage networking devices and I have been tasked with creating a Splunk dashboard to monitor events. I am using Splunk DB connect to ingest Audit Events to my SEIM. The issue is that almost all of the data I am getting from AuditingEvents seems to be duplicate junk data. I am seeing logins from the same…
Is there any possibility to achieve this. Not able to figure out what condition should I put under where clause so that I can receive an alert incase audit log is missing for say last 24 hours or 12 hour depending upon the requirement
Hi I "think" it's not new "issue" I don't see a way to Audit if API user is log into or not..or what Query is running I have some TS integration that are not working (all the time :-) )
I've had some discussion with fellow MVP's and we all feel the audit log could use a big FR for the things we want to see tracked. On my list I can think of: * who & when a credential is added or removed* eg: include module (Credential added to UDT? Credential added to SAM template?) * also: credential changed for the…
Hello community, I'm wondering if there is a way to audit, report and alert against user account permission changes? I know that the current audit log is able to display when a user account is created and when it's deleted. I'm just wondering if there is a way we can detect permission changes to an already existing account…
Currently, I have found that not all items that are present while under the edit node properties are tracked as an audit item. For example, which turning on/off UDT Layer 2/3 polling does not appear to populate in audit trails/events. This can cause issues in UDT itself not collecting the correct data from devices which…
It looks like you're new here. Sign in or register to get started.