Hi
I want to set up a report on a Splunk server to detect when a user is added to a security group.
Can you please help with what steps I have to take?
Thanks
Your domain controllers must be sending Windows security events to Splunk. Then you can search the wineventlog (or whatever you call it) index for events 4728, 4732, and 4756.
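A search along the lines described in the answer above, added here as an example and not part of the original reply. The three event IDs are member additions to security-enabled global (4728), local (4732) and universal (4756) groups. The index name `wineventlog` comes from the answer; the sourcetype and the field names `src_user`, `member_id` and `Group_Name` are assumptions that depend on which Windows add-on and event format your forwarders use, so check them against a raw event first.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode IN (4728, 4732, 4756)
| eval group_scope=case(EventCode==4728, "global", EventCode==4732, "local", EventCode==4756, "universal")
| rename src_user AS changed_by, member_id AS member_added, Group_Name AS group
| table _time, host, EventCode, group_scope, group, member_added, changed_by
| sort - _time
```

Once the results look right, use Save As > Report and give it a schedule, or save it as an alert if each addition should notify someone.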
Thanks very much