To find out the correct data model to implement Common Information Model (CIM) in Splunk

All replies

  • Hello,

    ATA can send events to a syslog server in the format of RFC 5424 or RFC 3164.

    The following documentation introduces the details of the log format with samples, and you can learn more by referring to it.

    https://docs.microsoft.com/en-us/advanced-threat-analytics/cef-format-sa

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 6, 2017 8:50 AM
  • Under which data model will ATA logs come? For example, will they come under authentication or network traffic or web?

    Wednesday, December 6, 2017 2:32 PM