Hello Logpoint Community!
I’ve recently begun with the process of trying to create a search template to look up a user, and see recently moved files, or recently deleted files. I’m assuming this needs to be two separate templates.
Anyhow, when browsing the file audit logs, I was baffled at the amount of logs generated by moving one file. In our environment, when moving one file, it generates upwards of 14 log entries, all with actions like “requested”, “access” - some log entries have the path of the file, some don’t.
Anyways, before I commit what I assume would be a long time trying to create this from scratch, I was wondering if some of you would be able to share a template to look up files moved by a user.
In my mind it would look something like this.
| Timestamp | Username | File_path_old | File_path_new |
Any help at all would be appreciated!
Thanks in advance