07-05-2018 01:58 AM
I have a requirement to have audit logs sent to a SIEM (in this case IBM QRadar) which detail the "who", "what" and "when" of admin activities. I know audit details are held in the EMM and can be interrogated using audit cmds, but how can I either redirect a log version to a SIEM or regularly extract detail into a log format and forward that, presumably by email?
Thanks
07-05-2018 04:31 AM
Don't think you can extract the information directly from the EMM, but OpsCenter has all the information, and there you have the possibility to make SQL queries.
Will be very interested if you find a way to extract directly from the EMM on the master.
07-05-2018 05:58 AM
NetBackup appliances version 3.0 and higher have a log forwarding feature (syslog host feature).
See https://www.veritas.com/support/en_US/article.000126090
Log forwarding of user audit is a much wanted feature that was high on Veritas' priority list when I was attending the Enhanced auditing/RBAC scrum demos. Right now you have to pipe text from nbauditcmd to your preferred SIEM system.
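
One way to do the piping described in the last reply, as an added example that is not from the thread or from Veritas: a small forwarder that reads audit text on stdin, wraps each line in an RFC 5424 syslog header and sends only lines it has not sent before. It assumes the audit command prints one record per line with a timestamp in it, and that the collector accepts newline-framed syslog over TCP; the app name `nbu-audit`, the host, the port and the state-file path are hypothetical.

```python
#!/usr/bin/env python3
"""Forward audit text lines from stdin to a syslog collector, skipping lines already sent."""
import hashlib
import socket
import sys
from datetime import datetime, timezone

FACILITY_LOG_AUDIT = 13   # RFC 5424 facility "log audit"
SEVERITY_INFO = 6


def to_rfc5424(line, hostname, app="nbu-audit", now=None):
    """Wrap one opaque audit line in an RFC 5424 header (app name is hypothetical)."""
    pri = FACILITY_LOG_AUDIT * 8 + SEVERITY_INFO
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Replace control characters so one record cannot inject extra syslog lines.
    msg = "".join(c if c.isprintable() else " " for c in line).strip()
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"


def new_lines(lines, seen):
    """Yield non-empty lines whose SHA-256 is not yet in `seen`, recording each one."""
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue
        digest = hashlib.sha256(line.encode("utf-8")).hexdigest()
        if digest not in seen:
            seen.add(digest)
            yield line


def main(siem_host, siem_port, state_path):
    try:
        with open(state_path) as f:
            seen = set(f.read().split())
    except FileNotFoundError:
        seen = set()          # first run: everything is new
    host = socket.gethostname()
    with socket.create_connection((siem_host, siem_port), timeout=10) as s:
        for line in new_lines(sys.stdin, seen):
            s.sendall((to_rfc5424(line, host) + "\n").encode("utf-8"))
    with open(state_path, "w") as f:
        f.write("\n".join(sorted(seen)))


if __name__ == "__main__":
    # Hypothetical usage: <audit command> | forward.py siem.example.net 514 /var/tmp/audit.seen
    main(sys.argv[1], int(sys.argv[2]), sys.argv[3])
```

Run from cron over an overlapping time window, the state file keeps records from being sent twice; it grows with every record, so prune it periodically.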