Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Query for Checking GPO Changes

tbarry138
New Member
‎11-14-2018 05:44 AM

Hi All,

I've been looking for help on a query for a dashboard that can show me when changes are made for my environments GPOs.

I just want it to show who made it(User), What GPO was changed, and when.

Currently mine shows when PC's are getting the updates so it goes off all the time. Does anyone have any queries they can share with me?

Thank You

Tags (1)
0 Karma
Reply

rahulkumarfgf
Explorer
‎08-18-2020 06:55 AM

Hi,

I understand that this thread is a bit old but I have searched for an answer everywhere and haven't found any. So, I was wondering if someone could actually help with this as I have a similar query. I am able to get which group policy changed and by whom, but I also need to know what exactly changed in a GPO. Can someone please tell me how can we do that? I am using Splunk app for Windows Infrastructure and it's set up correctly.

 

Thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...