I have searched for this everywhere but have not found any suitable answer. I have Splunk App for Windows Infrastructure installed and I can see the group policy changes in it. However, it only shows the name of the GPO and the user who changed it. I also need to know which GPO attribute was changed by the user. I am not sure how to achieve that using Splunk. I also tried the app "MS Windows AD Objects" but that too doesn't show any relevant information.
I have checked the following link for answers:
and all the links within this answer thread.
It would be great if someone can please assist me with this as it's very important for the Organization.
@woodcock : Hi! I apologize for tagging you without permission. I have not received any response on this and your answers have helped me a lot in learning about Splunk, so would really appreciate if you could shed some light on my query. Thank you and have a great day!