Good Morning-
We currently have Splunk installed in house but not overly configured. Each week, I take our security logs using the MS dumpel command, compile the 92 logs into one 2 GB text file, and run that through an MS Access database to kick out a series of critical event logs to review as part of the information security policy and practice of the company I work for, on which we have to report to the SEC for Sarbanes-Oxley compliance. I'm hoping to be able to set up alerts in Splunk to email if certain criteria are found and kick those alerts into our SharePoint environment to act as a log for this instead. Any advice on configuring alerts like this would be greatly appreciated.
Thanks-
--Ryan