Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

is there a dashboard for tracking active Directory group changes and local host group changes?

jarose
New Member
‎05-20-2020 01:14 PM

We want to be able to use Splunk as an auditing tool for our groups local and to Active Directory groups. If changes to the groups accur, we want to be able to see that in a Splunk dashboard.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ayush1906
Path Finder
‎05-21-2020 10:10 PM

hi Jarose,

Check out this link: Monitor Active Directory in Splunk

If link not visible: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/MonitorActiveDirectory

alternatively, you can also try monitoring a log file that logs the changes made in the database with splunk file monitor.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

shivanshu1593
Builder
‎05-22-2020 03:16 PM

Yes you can. Splunk has a specific add on for AD. You can check it out. Here's its doc on how to configure and deploy it. I think it'll serve your purpose of bringing those logs into Splunk. Once logs are in, it's very easy to build the required dashboard.

https://docs.splunk.com/Documentation/SA-LdapSearch/3.0.1/User/ConfiguretheSplunkSupportingAdd-onfor...
Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Solved! Jump to solution
Solution

ayush1906
Path Finder
‎05-21-2020 10:10 PM

hi Jarose,

Check out this link: Monitor Active Directory in Splunk

If link not visible: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/MonitorActiveDirectory

alternatively, you can also try monitoring a log file that logs the changes made in the database with splunk file monitor.

0 Karma
Reply
Solved! Jump to solution

jarose
New Member
‎05-22-2020 01:56 PM

Do you have any info on how to get the local server groups modifications? Not AD.

Example: administrators group on the local machines.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...