search cancel

Splunk CloudSOC SIEM Agent does not gather Audit Data

book

Article ID: 173279

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced

Issue/Introduction

Configured SIEM agent.
Detect and Investigate data is collected properly. 
No Audit data is collected.

Cause

SIEM agent only collects Detect and Investigate data.
It does not gather Audit data by design.

Resolution

The SIEM agent does not collect and retrieve data from the Audit.

Please work with your Sales Engineer to enter a feature request.

If you still want to export Audit data, please follow these steps as an alternative: 

  1. Log on to CloudSOC.
  2. Navigate to the CloudSOC Techdocs page.
  3. Click the 'CloudSOC API' option.
  4. Locate the 'Audit API' tech doc.
  5. Follow the directions as outlined.