Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to check "what" changed in a GPO

rahulkumarfgf
Explorer
‎08-19-2020 06:59 AM

Hello Everyone,

I have searched for this everywhere but have not found any suitable answer. I have Splunk App for Windows Infrastructure installed and I can see the group policy changes in it. However, it only shows the name of the GPO and the user who changed it. I also need to know which GPO attribute was changed by the user. I am not sure how to achieve that using Splunk. I also tried the app "MS Windows AD Objects" but that too doesn't show any relevant information.

I have checked the following link for answers: 
https://community.splunk.com/t5/Archive/Query-for-Checking-GPO-Changes/m-p/384810/highlight/false

https://community.splunk.com/t5/Security/How-to-identify-an-admin-who-made-a-change-in-GPO/m-p/46998...

https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-correlate-the-admin-user-with-a-GPO-chan...
and all the links within this answer thread.

It would be great if someone can please assist me with this as it's very important for the Organization.

 

Thanks,

Rahul

 

Labels (1)
Labels
0 Karma
Reply

rahulkumarfgf
Explorer
‎08-24-2020 05:40 AM

Hello Everyone,

It would be great if someone could provide any feedback on this request. Thank You!

0 Karma
Reply

rahulkumarfgf
Explorer
‎09-02-2020 11:53 AM

@woodcock : Hi! I apologize for tagging you without permission. I have not received any response on this and your answers have helped me a lot in learning about Splunk, so would really appreciate if you could shed some light on my query. Thank you and have a great day!

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...