I have symantec logs configured on RSA. I wanted to know, by what meta keys using these logs, I can monitor the USB activity. Like- If a user has plugged-in a USB/external hard drive and the access is blocked by symantec. OR if a user has disabled the symantec on its system and then trying to access USB.
Would really appreciate some quick help here.
Sahil Arora,
I've moved your question to the RSA NetWitness Platform space so your post will be seen by the appropriate TSEs and customers who use the product.
Regards,
Erica