Monitoring Splunk

How can I monitor if someone is using a wireless keyboard or mouse?

Aizo
New Member

Hi,

 

Is there any way to control if users are using a wireless keyboard or mouse?

0 Karma

Aizo
New Member

Hello @tej57 

Thank you for your answer.

I forgot to mention that Bluetooth is deactivated in the BIOS. Using a wireless keyboard and mouse is forbidden, and I'm wondering how to monitor that users won't connect their wireless devices by USB dongle. (I can't deactivate USB ports.)

0 Karma

tej57
Communicator

For Windows devices, you can enable the Security and Application event logs using the Splunk Add-on for Microsoft Windows. Event Code 6416 contains the logs whenever an external device connects to the Windows machine.

For Linux devices, you can monitor the messages directory, which contains all the activity information. Then, based on the logs, you can set up an alert to get triggered for a specific regex pattern.

0 Karma
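
One way to build the regex-based check suggested for Linux hosts in the answer above, as an added example that is not part of the original post. It assumes the kernel's USB enumeration messages reach `/var/log/messages`; the keyword list, the `KNOWN_RECEIVERS` set and the sample log lines are constructed for illustration.

```python
import re

# Constructed sample lines (hostnames and the 1234/5678 vendor IDs are made up).
SAMPLE = """\
Apr 12 09:14:02 ws-0142 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
Apr 12 09:14:02 ws-0142 kernel: usb 1-2: Product: USB Receiver
Apr 12 09:14:02 ws-0142 kernel: usb 1-2: Manufacturer: Logitech
Apr 12 09:20:41 ws-0077 kernel: usb 2-1: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
Apr 12 09:20:41 ws-0077 kernel: usb 2-1: Product: USB Optical Mouse
Apr 12 09:31:10 ws-0077 kernel: usb 2-3: New USB device found, idVendor=5678, idProduct=0001, bcdDevice= 1.00
Apr 12 09:31:10 ws-0077 kernel: usb 2-3: Product: 2.4G Wireless Keyboard
""".splitlines()

PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+kernel:")
NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STRING = re.compile(r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer): (?P<val>.+)$")
# Assumption: many receivers name themselves in the USB product string.
WIRELESS_HINT = re.compile(r"wireless|receiver|dongle|2\.4\s*g", re.I)
# Assumption: a site-maintained ID list; 046d:c52b is the Logitech Unifying Receiver.
KNOWN_RECEIVERS = {("046d", "c52b")}

def find_wireless_receivers(lines):
    """Return one dict per USB enumeration that looks like a wireless HID receiver."""
    current, seen = {}, []   # (host, port) -> latest device; all devices in order
    for line in lines:
        p = PREFIX.match(line)
        host = p["host"] if p else "unknown"
        m = NEW_DEV.search(line)
        if m:
            dev = {"host": host, "port": m["port"], "vid": m["vid"],
                   "pid": m["pid"], "product": "", "manufacturer": ""}
            current[(host, m["port"])] = dev
            seen.append(dev)
            continue
        m = STRING.search(line)
        # Attach Product/Manufacturer strings to the enumeration on the same host and port.
        if m and (host, m["port"]) in current:
            current[(host, m["port"])][m["key"].lower()] = m["val"].strip()
    return [d for d in seen
            if (d["vid"], d["pid"]) in KNOWN_RECEIVERS or WIRELESS_HINT.search(d["product"])]

if __name__ == "__main__":
    for d in find_wireless_receivers(SAMPLE):
        print(f'{d["host"]} port {d["port"]}: {d["vid"]}:{d["pid"]} {d["product"]!r}')
```

A receiver whose product string carries none of these keywords is only caught if its vendor/product ID is in the list, so alerting on any USB input device that is not on an approved list of wired models is the stricter variant.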

tej57
Communicator

Hello @Aizo,

The wireless keyboard and mouse would be connected to a device using the Bluetooth preferences. If you could monitor the processes or the connectivity logs for a device, you can get the information if the device is connected to a Bluetooth mouse/keyboard or not.

0 Karma