Is it possible to lock a Splunk user account if there are multiple failed login attempts? I've created an alert for such events, but was wondering if there was a way to lock an account as well.
We use LDAP lookup which will lock the domain account based on your policy.
Is there any other way besides LDAP?
Thanks, we don't have LDAP set up but it seems it may be the only way to accomplish this.