Use case in DQL

question

#1

How to apply a logic to identify a user based correlation use case to identify a series of activities performed by any user:

eg:
User logs into a server/device-------->performs some configurational changes--------->clears the audit logs-------->user logs out of the server/device

Windows login + configuration changes + audit logs cleared + logout


#2

Hi @Vamsi_Krishna - All the scenarios mentioned can be covered with the use of DNIF Data Model (DDM). Here is a guide to help you better understand this model: DNIF Data Model