I would like to ask if
1. If SIEM uses CIFS for data retrievall, how will it know which log/s it already parsed and which logs aren't?.
2. How will the SIEM know on what is the last line it parsed on a single log file when it polls it again?.
3. What is the real permission we need to set on an account for CIFS data retrieval?.
4. What is the "nitrosecurity" file it creates when using CIFS sharing?.