I have a client reporting that Dataminer is "...making millions of requests from the Active Directory/ISE for user access." Not entirely sure where's the best place to start investigating this one. Any thoughts on which logs or configurations might shed some light on this issue?
Thanks!
If the requests that are being seen are mostly queries to retrieve users and group information, ActiveDirectory.txt might be a great place to start.
If it's more actual user login related, SLDataMiner.txt and SLNet.txt could give you some more information on that.
If the reporting of the client included some more details like a certain username or group name, you could also do a folder-wide search in the whole Logging folder to see where else you could find any action mentioning those details.
Thanks Jeroen! I’ll give those a try.