AnsweredAssumed Answered

How can I tell if a specific log events are making it into SA?  As an example CyberArk

Question asked by John Tyson on Mar 14, 2016
Latest reply on May 13, 2016 by John Tyson

The customer team has prepped the Cyber Ark server and added the required xsl files according to the attached config guide.  I have ensured that the decoder is capturing and the  service parser is enabled.  I want to ensure that the logs are truly being ingested and an analyst could see the logs.  How can I definitively identify the forwarded CyberArk event sources are in SA?

 

Thank you for your assistance!

Outcomes