Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to use splunk to automate account unlocking but limit it to a set number of times?

dschneider
Engager
‎10-10-2018 08:16 AM

My use case is that we pay a vendor to do unlocks after hours for us. I do not want to turn on the AD setting to unlock an account after x amount of time because of brute force issues.

I was looking to use the Splunk (cloud) alerts we have for when a user gets locked to trigger a powershell to unlock it. But only say 3 times before it alerts and leaves it locked.

I have looked all over but have just parts of my total. The Alerting I have nailed down. It's the action I don't.

We have Splunk Cloud and Splunk ES I am ok if the solution is another add-on.

Does anyone have a suggestion?

Thanks,

Dave

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...