Work with Collected Data

Follow the steps to work with collected data:

Step 1 – Navigate to the destination folder and open a CEF log file.

Step 2 – Review audit data exported from the Audit Database. For example, review this CEF-formatted string:

CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=enterprisedc.enterprise.local cat=user suser=enterprise\\administrator filePath=\\local\\enterprise\\users\\newuser start=Mar 28 2017 14:01:48

Now you can feed your SIEM solutions with data collected by Auditor.