Trying to build out some Splunk dashboards, particularly on identifying people trying to circumvent PAM or anything like that?
At this time CA PAM Support does not have this type of information. I have seen several requests for similar information, and I think opening an enhancement request from development would help drive this type of documentation. If you do open an enhancement request, please post that link in this post to allow others who read this to "vote" on the enhancement.
Splunk is a very informative tool. I have personally integrated CA PAM with Splunk and created a lot of custom dashboards, which allow the operations team to have a quick view of what's happening. But all this is outside CA PAM and needs to be done manually in Splunk one time. The only thing you need is Splunk expertise. Let me know if you need any help. I will be happy to help you.
Would anyone have a quick setup guide for PAM and Splunk so we can receive events in Splunk? I've downloaded Splunk and just want to get up and running quickly to evaluate what information can be received from PAM.