Hi All ,
I am trying to configure a way of monitoring accounts that have had their passwords changed by anyone other than the users themselves .
How can I configure this ?
Are you talking about splunk user?
Hi p_gurav ,
Thanks for your response , this would be for none splunk users .
Are you using windows server? If yes you can monitor user level logs by enabling windows security logs and try to find out WinEvent 4724.
From which system your monitoring user access?
Thanks for your response on this , we do use Windows boxes , I will proceed to run a search using the event code .