I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification don't need to be complex.
Basically if/when Bob makes a change to the code for www. fakewebsite. com, I need to be notified because Bob has a tendancy to forget to let others know. However, I also need to know when he makes changes to ww1. fakewebsite. com. Additionally, I also want to be notified if Tom or Harry or anyone else make changes. So simply monitoring Bob's activity does not cover the need.
For security reasons, I can't provide specific server names or addresses, so please just use a stand in for any examples.
Basically if/when Bob makes a change to the code for www. fakewebsite. com
Where is the code stored? Is it compiled or raw text? Assuming you have access to
C:\fakepath\coderepository\code.js (or even the compiled exe), you can use this article to help you monitor for file changes: https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows. If properly set up, the fields
User will have the information you're requesting.
How can I correlate Sid values with a specific user? Additionally, I am returning millions of results when monitoring WinEventLog:Security, is there a reliable way to filter for changes to the code?
If you can't already tell, I am quite new to Splunk and IT as a whole.