Verification

After completing the setup and configuration, it's important to verify that QRadar is receiving and correctly parsing logs from Secret Server.

  1. In QRadar, go to Log Activity.

  2. Filter by Log Source: Secret Server.

  3. Check for events like:

    • Login Success/Failure

    • Secret Access

    • Password Rotations

    • Session Start/Stop