This is actually a question I already the answer for, I just want to use the question/answer style to ensure it complies to the way this forum is setup.
This is how I achieved the CIM compliance for the SQL server audit logs that were read in via the database using the DB Connect application for Splunk.
Please see the answer for the solution information, hopefully this will be available in a future version of the application.
↧