Hi All ,
I am trying to configure a way of monitoring accounts that have had their passwords changed by anyone other than the users themselves .
How can I configure this ?
Regards
Victor
Hi VictorOl,
Are you talking about splunk user?
Hi p_gurav ,
Thanks for your response , this would be for none splunk users .
Regards ,
Vic
Are you using windows server? If yes you can monitor user level logs by enabling windows security logs and try to find out WinEvent 4724.
From which system your monitoring user access?
Thanks for your response on this , we do use Windows boxes , I will proceed to run a search using the event code .
Regards
Vic