Splunk App for Windows Infrastructure: How to find...

msaz · ‎12-21-2017

I'm using the Splunk App for Windows Infrastructure and it's working and returning data. I want to find all inactive accounts in my domains along with last logon/activity time. The 'Domain Accounts: Inactive' report driven by 'secrpt-inactive-users' lists user accounts, but doesn't show last logon/time of activity. How can I also list last logon/activity time?

BenTan · ‎12-21-2017

Hi,

In order for dashboards under Active Directory section to work well, you will need to install additional Add-On namely the Splunk Add-on for Microsoft Active Directory and Splunk Add-on for PowerShell. You might need the Splunk Add-on for Windows DNS if you are interested in collecting DNS related logs.

You can follow the official documentation here to help you:
https://docs.splunk.com/Documentation/MSApp/1.4.2/MSInfra/AbouttheSplunkAppforMSInfrastructure

Regards,
Benjamin

Splunk App for Windows Infrastructure: How to find all inactive accounts in my domains along with last logon/activity time?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation