Splunk Enterprise

How to check "what" changed in a GPO

rahulkumarfgf
Explorer

Hello Everyone,

I have searched for this everywhere but have not found any suitable answer. I have the Splunk App for Windows Infrastructure installed and I can see the group policy changes in it. However, it only shows the name of the GPO and the user who changed it. I also need to know which GPO attribute was changed by the user. I am not sure how to achieve that using Splunk. I also tried the app "MS Windows AD Objects", but that too doesn't show any relevant information.

I have checked the following links for answers:
https://community.splunk.com/t5/Archive/Query-for-Checking-GPO-Changes/m-p/384810/highlight/false

https://community.splunk.com/t5/Security/How-to-identify-an-admin-who-made-a-change-in-GPO/m-p/46998...

https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-correlate-the-admin-user-with-a-GPO-chan...
and all the links within this answer thread.

It would be great if someone can please assist me with this as it's very important for the Organization.

Thanks,

Rahul

0 Karma

rahulkumarfgf
Explorer

Hello Everyone,

It would be great if someone could provide any feedback on this request. Thank You!

0 Karma

rahulkumarfgf
Explorer

@woodcock: Hi! I apologize for tagging you without permission. I have not received any response on this and your answers have helped me a lot in learning about Splunk, so I would really appreciate it if you could shed some light on my query. Thank you and have a great day!

0 Karma