Getting Data In

How to monitor mmc certificates snap-in?

chimbudp
Contributor

how to set the inputs.conf in UF to monitor Certificates Snap-in via mmc ?
Windows

0 Karma

bjoernjensen
Contributor

Hi!

Even though this question is old I ran into the same thing today. Here is what I have found so far:

In the Windows Events you will find changes on the keystore of Windows here:

Event Viewer > Applications and Services Logs > Microsoft > Windows > CertificateServicesClient-Lifecycle-System
Event Viewer > Applications and Services Logs > Microsoft > Windows > CertificateServicesClient-Lifecycle-User

I will be picking both branches. Within those you find if a certificate has been added or removed, etc.

All the best,
Björn

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...