Solved: Logging Login Data of VM

Jan21 · ‎05-21-2024

Hello,

i wanted to ask if there is a way in Splunk to collect failured Login Data from Users on a Virtual Machine that is hosted with VMware, so that i can see if a user tried to login like 5 times and failed the Login on VM 5 times?

Would be nice to use it for finding out if there is some Kind of Brute Force Attack or something else going on.

richgalloway · ‎05-21-2024

Yes, it is possible. If the VM or identity provider logs failed logins to Splunk then you can search those events for multiple attempts within a given timeframe.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎05-21-2024

Yes, it is possible. If the VM or identity provider logs failed logins to Splunk then you can search those events for multiple attempts within a given timeframe.

---
If this reply helps you, Karma would be appreciated.

Jan21 · ‎05-21-2024

But if the VM does not log those Data so far it is not possible?

richgalloway · ‎05-21-2024

Splunk cannot search what it doesn't have.

---
If this reply helps you, Karma would be appreciated.

Logging Login Data of VM

monitoring console

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Logging Login Data of VM

monitoring console

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...