Our Splunk instance doesn't pick up whenever a local admin is added to a box. We have the Splunk App for Windows Infrastructure.
Can anyone help?
Here's the raw event:
SourceName=Microsoft Windows security auditing.
TaskCategory=Security Group Management
Message=A member was added to a security-enabled local group.