RPF_CHECK - Rule Processing Framework
Data Description
The RPF_CHECK extractor can be used to define a number of system/server checks (profile parameters, TP parameters, etc.) that can then be monitored. Out of the box, it can monitor the System Security Baseline using the set of predefined rules/checks distributed with the add-on installation files. The extractor is not active by default. The Security Baseline content pack needs to be imported before the extractor is activated.
Potential Use Cases
This event can be used in the following scenarios:
Security Baseline monitoring, last updated as of the 8.00 release.
SAP Security Notes monitoring, last updated as of the 7.03 release. The recommended approach is to use the SM_SAP_NOTES extractor in a Solution Manager system for real-time updates.
Custom configuration parameter monitoring
Metric Filters
The filter is available under the following menu path:
Administrator → Metric Filters → More → Rule Processing Filter

On the left side, you can select and drill down into the required rule group by double-clicking it. The list of rules is shown on the right side of the screen. The ‘Security Baseline’ content pack can be imported using the ‘Import’ button.
Splunk Dashboard
