The HDB_DBCC_AUDIT event is used to collect HANA Audit logs. As a prerequisite, Audit needs to be configured and enabled on DB side. More information located here: Activate and Configure Auditing - SAP Help Portal
Extractor requires AUDIT READ system privilege to read the log (privilege needs to be assigned to SAP DB user).
Potential Use Cases
Auditing provides you with visibility on who did what in the SAP HANA database (or tried to do what) and when. This allows you, for example, to log and monitor read access to sensitive data. Audit log allows you to monitor and record selected actions performed in the SAP HANA database.
It can help you achieve greater security in the following ways:
Uncover security holes if too many privileges were granted to some user
Show attempts to breach security
Protect the system owner against accusations of security violations and data misuse
Allow the system owner to meet security standards
Following actions are typically audited:
Changes to user authorization
Creation or deletion of database objects
Authentication of users
Changes to system configuration
Access to or changing of sensitive information
The event will look like this in Splunk:
The Audit log is available on DB level.