I have symantec logs configured on RSA. I wanted to know, by what meta keys using these logs, I can monitor the USB activity. Like- If a user has plugged-in a USB/external hard drive and the access is blocked by symantec. OR if a user has disabled the symantec on its system and then trying to access USB.
Would really appreciate some quick help here.