Use case in DQL



How to apply a logic to identify a user based correlation use case to identify a series of activities performed by any user:

User logs into a server/device-------->performs some configurational changes--------->clears the audit logs-------->user logs out of the server/device

Windows login + configuration changes + audit logs cleared + logout


Hi @Vamsi_Krishna - All the scenarios mentioned can be covered with the use of DNIF Data Model (DDM). Here is a guide to help you better understand this model: DNIF Data Model