Is it possible to create an alert in Splunk Enterprise if a command is run in CMD?
rodiers01
New Member
05-18-2017
10:36 AM
Is it possible in Splunk Enterprise to create an alert if someone were to run a command in MS-DOS?
Specifically I'm looking to create an alert if this command below is run in CMD
auditpol /clear /y
This is something a malicious actor would do so that auditing is turned off on the machine and then they can go about their business.
Thanks for any input
wenthold
Communicator
05-18-2017
01:12 PM
I believe you want to enable command line logging in Windows.
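The following is an added example, not code from the original thread or from either poster. It shows the Windows side of that advice: turning on the audit settings that make Security event 4688 carry the full command line, checking locally that the field is populated, and a Splunk search that can be saved as an alert for "auditpol /clear". It assumes the Splunk Universal Forwarder is already collecting the Security event log; the Splunk index name "wineventlog" is an assumption and should be replaced with whatever the forwarder writes to.

```powershell
# Added example (not from the original thread): enable command-line logging for
# process creation on a Windows host so Splunk receives Security event 4688
# with the full command line, then alert on "auditpol /clear".
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# 1. Turn on the "Process Creation" audit subcategory (Security event 4688).
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable

# 2. Make Windows include the command line in 4688 (the "Process Command Line"
#    field). Without this value, 4688 records only the image path, so the
#    arguments "/clear /y" would never reach Splunk.
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
if (-not (Test-Path $auditKey)) { New-Item -Path $auditKey -Force | Out-Null }
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 3. Also audit changes to the audit policy itself (Security event 4719). The
#    4688 for auditpol.exe is written when the process starts, before the policy
#    is cleared, but 4719 gives a second, independent record of the change.
auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable

# 4. Verify the settings took effect.
auditpol /get /subcategory:"Process Creation"
auditpol /get /subcategory:"Audit Policy Change"
Get-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled'

# 5. Confirm locally that 4688 now carries the command line, using a harmless
#    auditpol read (not /clear) as the test process, then pull the CommandLine
#    element out of the event XML rather than scraping the rendered message.
auditpol /get /category:"System" | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 50 |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        $cmd  = ($data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        if ($cmd -match 'auditpol') {
            [pscustomobject]@{ Time = $_.TimeCreated; CommandLine = $cmd }
        }
    }

# 6. Splunk side: the search to schedule as an alert. It matches on _raw so it
#    works whether the add-on extracts the field as Process_Command_Line or
#    CommandLine. "wineventlog" is an assumed index name; adjust to your own.
$spl = @'
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4688
| regex _raw="(?i)auditpol(\.exe)?[^\r\n]*\s/clear\b"
| table _time host _raw
'@
Write-Output $spl
```

Two caveats when scheduling the alert. Once `auditpol /clear` has run, the host stops producing 4688 events, so the alert depends on the forwarder shipping the single 4688 for auditpol.exe (and the 4719) before the attacker does anything else; pair it with a search that alerts when a host that normally sends 4688 events goes quiet. And the regex above is deliberately narrow to the command in the question; an attacker can reach the same result through other auditpol switches or by other means, so treat this as one signal rather than complete coverage of audit tampering.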