Downloads: Sample Data

Get started by downloading some sample BSM audit files and analyzing them with Data Fence.

Checking auditing and grabbing some files

A user looks in the audit directory, looks at the audit configuration, and then grabs some files in a couple of potentially dodgy ways. (note: audit data was collected from a virtual machine, so VMware tweaks the bpf devices setting off some alarms).

Download BSM file mavericks_doc_grab.bsm.gz.

Simple startup and shutdown

This has nothing interesting to detect. The machine is booted up and then shutdown. Its purpose is to give you a baseline of audit data to test rules on. Download the BSM file mavericks_boot_shutdown.bsm.gz.