We have a number of data sources that generate flat files that are moved to a central CIFS Server. I would like to add these data sources to the SIEM, but the configuration doesn't seem to allow for this scenario, as the details used to configure the data source are also used for the CIFS connection, unless I can use the path field for this purpose.
How are the logs stored from the different data sources? Are they named differently, in different directories in the same share?
I don't honestly quite understand the problem. Generally in a scenario like this, I'd set up the CIFS as a system profile so you only have to add (and update) the settings once.
Then you can add the data sources and just set up the path and/or log names as needed in separate data sources (as clients/children if you prefer). For example, if the log files are named ServerName.log, you might have one data source pulling Server1.log, and another pulling Server2.log.
I did a quick test in our lab and didn't have a problem having this type of setup with two different data sources added.