Splunk Enterprise Security

Finding Changes To Audit Mechanisms or Audit/Data Logs

gthomas719
New Member

I was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data logs. Basically, I'm trying to find out if someone has changed auditing policy or logs to try to hide nefarious activities from being captured, in both Linux and Windows. I know Windows has EventCodes such as 4715, 4719, 4908, and 4912 that are audited even if audit is changed or turned off, but am I missing something else, and what is the best way to try to find it in Linux?

0 Karma
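One way to approach the question in code, as an added example that is not part of the original thread: a small Python detector that runs over constructed Windows Security and Linux auditd records and flags the event IDs listed in the question, the companion IDs for audit-log clearing and event-service shutdown (1102, 1100), and the auditd record types written when rules, the enabled flag or the daemon itself change (CONFIG_CHANGE, DAEMON_END, DAEMON_ABORT, DAEMON_START, DAEMON_CONFIG). The flat `EventCode=... Account_Name=...` shape of the Windows lines is a simplification of Splunk's extracted fields, and the `audit-config`, `audit-logs` and `audit-tools` rule keys are assumed names for watch rules on /etc/audit/, /var/log/audit/ and /sbin/auditctl; match them to your own audit.rules.

```python
"""Flag indicators of audit tampering in Windows Security and Linux auditd records."""
import re
from typing import Dict, List, Optional

# Windows Security event IDs that record changes to auditing itself:
# the four from the question plus their usual companions.
WINDOWS_AUDIT_EVENTS: Dict[int, str] = {
    1100: "event logging service shut down",
    1102: "security audit log cleared",
    4715: "audit policy (SACL) on an object changed",
    4719: "system audit policy changed",
    4817: "auditing settings on object changed",
    4902: "per-user audit policy table created",
    4904: "security event source registered",
    4905: "security event source unregistered",
    4906: "CrashOnAuditFail value changed",
    4907: "auditing settings on object changed",
    4908: "Special Groups Logon table modified",
    4912: "per-user audit policy changed",
}
WINDOWS_HIGH = {1100, 1102, 4719}

# auditd record types emitted when rules, kernel audit settings or the daemon change.
LINUX_AUDIT_TYPES = {
    "CONFIG_CHANGE": "audit rule or kernel audit setting changed",
    "DAEMON_START": "auditd started",
    "DAEMON_END": "auditd stopped",
    "DAEMON_ABORT": "auditd aborted",
    "DAEMON_CONFIG": "auditd configuration problem",
}
LINUX_HIGH = {"DAEMON_END", "DAEMON_ABORT"}

# Assumed (hypothetical) -k keys for watch rules on the audit config, log
# directory and tools; change these to the key names in your audit.rules.
LINUX_WATCH_KEYS = {"audit-config", "audit-logs", "audit-tools"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Split a key=value record into a dict; quotes stripped, later duplicates win."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def check_windows(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for a Windows Security event whose ID concerns auditing."""
    try:
        code = int(fields.get("EventCode", ""))
    except ValueError:
        return None
    if code not in WINDOWS_AUDIT_EVENTS:
        return None
    return {"os": "windows", "indicator": str(code), "reason": WINDOWS_AUDIT_EVENTS[code],
            "severity": "high" if code in WINDOWS_HIGH else "medium",
            "host": fields.get("ComputerName", "?"), "actor": fields.get("Account_Name", "?")}


def check_linux(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for an auditd record that touches the audit subsystem."""
    rtype = fields.get("type", "")
    if rtype in LINUX_AUDIT_TYPES:
        disabled = fields.get("audit_enabled") == "0"  # auditctl -e 0
        if disabled:
            reason = "auditing disabled (audit_enabled=0)"
        else:
            reason = LINUX_AUDIT_TYPES[rtype]
            if "op" in fields:  # e.g. op=remove_rule key="..." or op=terminate
                reason += f" ({fields['op']}" + (f" key={fields['key']}" if "key" in fields else "") + ")"
        severity = "high" if disabled or rtype in LINUX_HIGH else "medium"
    elif rtype == "SYSCALL" and fields.get("key") in LINUX_WATCH_KEYS:
        reason = f"watched audit path touched by {fields.get('exe', '?')} (key={fields['key']})"
        severity = "medium"
    else:
        return None
    return {"os": "linux", "indicator": rtype, "reason": reason, "severity": severity,
            "host": fields.get("node", "?"), "actor": f"auid={fields.get('auid', '?')}"}


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run both checks over mixed log lines and return the findings in input order."""
    findings = []
    for line in lines:
        fields = parse_kv(line)
        hit = check_windows(fields) if "EventCode" in fields else (
            check_linux(fields) if "type" in fields else None)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample records (not real telemetry): Windows events as flat key=value
# lines, auditd lines in the shape of /var/log/audit/audit.log. Two are benign.
SAMPLE_LOGS = [
    'EventCode=4719 ComputerName=WS01.corp.example Account_Name=jdoe Subcategory="Process Creation" Changes="Success removed"',
    'EventCode=4624 ComputerName=WS01.corp.example Account_Name=jdoe Logon_Type=2',
    'EventCode=1102 ComputerName=WS01.corp.example Account_Name=jdoe',
    'type=CONFIG_CHANGE msg=audit(1700000000.101:201): auid=1000 ses=3 op=remove_rule key="audit-logs" list=4 res=1',
    'type=CONFIG_CHANGE msg=audit(1700000000.102:202): audit_enabled=0 old=1 auid=1000 ses=3 res=1',
    'type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 comm="truncate" exe="/usr/bin/truncate" key="audit-logs"',
    'type=USER_LOGIN msg=audit(1700000000.104:204): pid=1234 uid=0 auid=1000 ses=3 msg=\'op=login id=1000 exe="/usr/sbin/sshd" res=success\'',
    'type=DAEMON_END msg=audit(1700000000.105:205): op=terminate auid=1000 pid=999 res=success',
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOGS):
        print(f"[{f['severity']:6}] {f['os']:7} {f['indicator']:13} {f['host']} {f['actor']}: {f['reason']}")
```

Two caveats for the Linux side: CONFIG_CHANGE records are only written while auditd is running, so a DAEMON_END with no matching planned shutdown is itself the indicator, and `auditctl -e 2` makes the rule set immutable until reboot so that later changes fail rather than succeed silently. In either OS the audit log should be forwarded off-host (a Splunk forwarder monitoring audit.log, the Windows Security channel) before any of this matters, otherwise whoever clears the log also removes the 1102 or DAEMON_END record that would have caught them.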