Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

User internal_monitoring Attempt to Login?

morethanyell
Builder
‎10-21-2019 07:53 PM

I am investigating on a Geographically Improbable Access notable event. The user internal_monitoring is detected to have successfull logons in 2 different countries. How is this possible? Isn't internal_monitoring a daemon/background process and isn't something that a "human" can use to login?

Please advice. Thanks a lot!

0 Karma
Reply

sulakshanaarora
New Member
‎03-11-2021 01:34 PM

Hi,

Facing something similar, what was your finding?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | A sphere has three, a circle has two, and a point has zero. What is it?

September 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...