How can I get Splunk to alert on changes to specific groups in AD?

New Member

I need to do the following:

  1. Specify groups that are to be monitored.
  2. Have a search that lists changes to these groups, including who did the change, what was changed and if a user or group was added or removed who that user or group is.
  3. Send an email to our with a report that list all new changes as soon as the change is performed.

How can I get this done?


0 Karma

Ultra Champion

Hello Frederik,

Did you try the app for Windows Infrastructure?
it has prebuilt dashboards and reports for the requirements specified.
check out the docs as well, this one for example:
Navigate around and check other feature of this app

Hope it helps

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...