Hello everyone, I am extremely new to using Splunk Enterprise and I have been tasked with generating security audits. I am aware of how to use the CLI to generate data integrity audits to ensure the data hasn't been tampered with; however, I am unsure of how to query audits for the below scenarios:
- brute force attempts
- administrative privilege escalations
Any help or guidance is appreciated. I have done limited research in terms of using:
I haven't been able to find much via the Splunk docs unfortunately. Maybe I haven't found the right manual.
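An added example (not the poster's own searches, nor Splunk's documentation) of the two detection searches the question asks about, together with a small Python mirror of the brute-force aggregation run over constructed Windows logon events. It assumes Windows Security logs indexed through the Splunk Add-on for Microsoft Windows (so `EventCode`, `user`, `src_ip`, `src_user` and `Group_Name` are extracted) and an index named `wineventlog`; both are assumptions to adjust for your environment.

```python
"""Constructed example; the index name and field names are assumptions."""
from collections import defaultdict

# Brute force: 20 or more failed logons (EventCode 4625) from one source
# against one account per 10-minute window; a success (4624) in the same
# window is flagged so the analyst checks whether the guessing worked.
BRUTE_FORCE_SPL = r"""
index=wineventlog sourcetype="WinEventLog:Security" EventCode IN (4624, 4625)
| bin _time span=10m
| stats count(eval(EventCode=4625)) AS failures
        count(eval(EventCode=4624)) AS successes BY _time src_ip user
| where failures >= 20
| eval possible_compromise=if(successes > 0, "yes", "no")
| sort - failures
"""

# Privilege escalation: accounts added to security groups (4728 global,
# 4732 local, 4756 universal) and admin-equivalent logons (4672).
PRIV_ESC_SPL = r"""
index=wineventlog sourcetype="WinEventLog:Security" EventCode IN (4728, 4732, 4756, 4672)
| eval action=case(EventCode=4672, "admin-equivalent logon",
                   true(), "added to group: ".Group_Name)
| table _time host EventCode action src_user user
"""


def brute_force_windows(events, threshold=20, window=600):
    """Same aggregation as BRUTE_FORCE_SPL over dicts with keys time (epoch
    seconds), code, src_ip, user. Returns sorted tuples of
    (window_start, src_ip, user, failures, successes) at or above threshold."""
    buckets = defaultdict(lambda: [0, 0])  # key -> [failures, successes]
    for e in events:
        if e["code"] not in (4624, 4625):
            continue
        key = (e["time"] - e["time"] % window, e["src_ip"], e["user"])
        buckets[key][0 if e["code"] == 4625 else 1] += 1
    return sorted((k[0], k[1], k[2], f, s)
                  for k, (f, s) in buckets.items() if f >= threshold)


# Constructed sample: 25 failures then one success from 10.0.0.5 against
# 'svc_backup', plus a single unrelated failure that must not be flagged.
SAMPLE_EVENTS = [
    {"time": 1_700_000_000 + i * 10, "code": 4625,
     "src_ip": "10.0.0.5", "user": "svc_backup"} for i in range(25)
] + [
    {"time": 1_700_000_260, "code": 4624, "src_ip": "10.0.0.5", "user": "svc_backup"},
    {"time": 1_700_000_300, "code": 4625, "src_ip": "10.0.0.9", "user": "alice"},
]
```

Run `brute_force_windows(SAMPLE_EVENTS)` to see the one window that trips the threshold with `successes == 1`; the SPL strings can be pasted into the search bar or passed to `splunk search` on the CLI.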