How to create dashboard that will closely monitor ...

AidanMarkSmith · ‎03-21-2022

Hi,

I need some help setting up a dashboard that will allow us to closely monitor login activity of certain users and the IP address' they use to ensure we don't have any exploiters trying to access our systems.

Another thing I would like to do, if possible, is to create a dashboard where we can input a username, and then it will show us the login data for that user over a certain period of time.

Regards,

Aidan Smith

nathanluke86 · ‎03-22-2022

This app does what you need

https://splunkbase.splunk.com/app/4240/

tshah-splunk · ‎03-22-2022

Hey @AidanMarkSmith,

If the instances are on Windows OS, you can try installing and configuring https://splunkbase.splunk.com/app/3177/ add-on in your environment. It is pretty much helpful for auditing purposes.

A guide on setting this app can be found here - https://splunkbase.splunk.com/app/3177/#/details

---
If you find the answer helpful, an upvote/karma is appreciated

ITWhisperer · ‎03-21-2022

Please provide some sample (anonymised) events that you have ingested into Splunk for this - preferably in a code block </>

AidanMarkSmith · ‎03-22-2022

Hi,

Unfortunately im not sure how to do this as I am still very much new to using Splunk.

How to create dashboard that will closely monitor login activity of certain users and the IP address?

administration

configuration

investigation

notable event

risk analysis

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2