Splunk Enterprise Security

Monitoring Account Creation in Windows with High Privileges

arorayo
New Member

over ES , any way to monitor windows account assigned with high privilege.
I only know of EventID 4672 . What all other events could be monitored

0 Karma

adonio
SplunkTrust
SplunkTrust
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!