
Security Relevant files

CarlosColon2948
Level 1

Community!

 

Currently building dashboards for Splunk so that my security team can start auditing important events. I have been tasked to start on the networking side until our team can finish the Linux/Windows dashboards. While I am somewhat familiar with event codes, I am not sure if I know how to parse certain information and/or look for certain information. I have looked at the Event code directory, but the list is super extensive and I don't know all the networking jargon since I am still learning, i.e. a login event code may also carry codes like establish_session, user_authentication, and/or closed_connection  <---  not entirely correct. But here are the event types I am looking for. Any chance anyone could give me a hand? If you know of a security document that points out pertinent security events or anything of the sort, thank you all. I wasn't sure how to ask since I am still learning the dynamics.

 

1. Security relevant file or object. 

2. Export/writes/downloads to devices

3. Import/Uploads from devices/digital media

5. User and Group Management events:
