Work with Collected Data
Follow the steps to work with collected data:
Step 1 – Navigate to the destination folder and open a CEF log file.
Step 2 – Review audit data exported from the Audit Database. For example, review this CEF-formatted string:
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=enterprisedc.enterprise.local cat=user suser=enterprise\\administrator filePath=\\local\\enterprise\\users\\newuser start=Mar 28 2017 14:01:48
Now you can feed your SIEM solutions with data collected by Auditor.