Downloads: Sample Data
Get started by downloading some sample BSM audit files and analyzing them with Data Fence.
Checking auditing and grabbing some files
A user looks in the audit directory, looks at the audit configuration, and then grabs some files in a couple of potentially dodgy ways. (Note: the audit data was collected from a virtual machine, so VMware tweaks the bpf devices, setting off some alarms.)
Download the BSM file mavericks_doc_grab.bsm.gz.
Simple startup and shutdown
This has nothing interesting to detect. The machine is booted up and then shut down. Its purpose is to give you a baseline of audit data to test rules on. Download the BSM file mavericks_boot_shutdown.bsm.gz.