The customer team has prepped the CyberArk server and added the required XSL files according to the attached config guide. I have ensured that the decoder is capturing and the service parser is enabled. I want to ensure that the logs are truly being ingested and that an analyst could see the logs. How can I definitively identify that the forwarded CyberArk event sources are in SA?
Thank you for your assistance!
Do a query on the device IP to see whether you can find any, or you can run tcpdump to see whether the logs are being sent over.