Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I monitor if someone is using wireless keyboard or mouse ?

Aizo
New Member
‎01-27-2023 06:16 AM

Hi,

 

Is there any way to control if users are using wireless keyboard or mouse ? 

 

 

Labels (1)
Labels
0 Karma
Reply

Aizo
New Member
‎01-27-2023 09:21 AM

Hello @tej57 

Thank you for your answer.

I forgot to mention that bluetooth is deactivated in BIOS. Using wireless keyboard and mouse is forbidden and I'm wondering how to monitor that users won't connect their wireless devices by dongle USB . (  I can't deactivate USB ports ) 

0 Karma
Reply

tej57
Builder
‎01-27-2023 09:32 AM

For Windows devices, you can enable Security, Application eventlogs using Splunk Add-on for Microsoft Windows. Event Code - 6416 contains the logs whenever an external device connects to the Windows machine. 

For Linux devices, you can monitor the messages directory which contains all the activity information. And then based on the logs, you can setup an alert to get triggered for a specific regex pattern.

0 Karma
Reply

tej57
Builder
‎01-27-2023 07:45 AM

Hello @Aizo,

The wireless keyboard and mouse would be connected to a device using the Bluetooth preferences. If you could monitor the processes or the connectivity logs for a device, you can get the information if the device is connected to a bluetooth mouse/keyboard or not.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...