Can you please specify exactly what you mean by "Access Logs"?
If I had to guess, I assume you mean logins / access to resources - in which case you would be best off using a normalisation filter and ensuring the rules that you want to bring together are using the same normalisation value or category.
It can be collected from the Domain Controller as well as from each datasource.
You will need to install the UBA content pack.
This content pack will further install & enable policies, alarms, reports, watchlists and correlation rules that will give information about the access logs.
Please refer to the links below:
https://www.mcafee.com/enterprise/en-in/products/mcafee-connect/user-behavior-analytics.html
https://kc.mcafee.com/corporate/index?page=content&id=KB83783
Regards,
Prashanth B Pillai
McAfee Technical Support
Customer Success Group
Thank you @pbpillai. Having to configure a SIEM collector on IIS, SQL, ERP or each datasource will probably give me grey hair (+- 350 data sources). I was thinking that collecting from the Domain Controller will be helpful, especially those that we can configure on the ESM rather than manually on each server/application.
I have installed the UBA content pack but for some reason I am not getting any info for the below, especially from the Correlation Engine (will check why). Just to note as well, we are using hybrid Azure AD and On Prem AD (for Admin accounts).