Security

Using Splunk to identify SSO users that use NTLM

Communicator

Does anyone have some SPL they could share that identifies SSO users that use NTLM to authenticate? Any help with this is greatly appreciated.

Tags (2)
0 Karma
1 Solution

Communicator

Was able to figure this out by pulling a consistent text string produced in the SSO logs and then filtering my SPL around that.

View solution in original post

0 Karma

Communicator

Was able to figure this out by pulling a consistent text string produced in the SSO logs and then filtering my SPL around that.

View solution in original post

0 Karma