Security

Is it possible to lock a Splunk user account on failed logins?

sc0tt
Builder

Is it possible to lock a Splunk user account if there are multiple failed login attempts? I've created an alert for such events, but was wondering if there was a way to lock an account as well.

Tags (4)
0 Karma

m4him7
Path Finder

We use LDAP lookup which will lock the domain account based on your policy.

khyoung7410
Communicator

Is there any other way besides LDAP?

0 Karma

sc0tt
Builder

Thanks, we don't have LDAP set up but it seems it may be the only way to accomplish this.

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...