Hi,
I need some help setting up a dashboard that will allow us to closely monitor login activity of certain users and the IP address' they use to ensure we don't have any exploiters trying to access our systems.
Another thing I would like to do, if possible, is to create a dashboard where we can input a username, and then it will show us the login data for that user over a certain period of time.
Regards,
Aidan Smith
Hey @AidanMarkSmith,
If the instances are on Windows OS, you can try installing and configuring https://splunkbase.splunk.com/app/3177/ add-on in your environment. It is pretty much helpful for auditing purposes.
A guide on setting this app can be found here - https://splunkbase.splunk.com/app/3177/#/details
Please provide some sample (anonymised) events that you have ingested into Splunk for this - preferably in a code block </>
Hi,
Unfortunately im not sure how to do this as I am still very much new to using Splunk.