Splunk Enterprise

Need help with Windows user activity

Roy_9
Motivator

Hello,

Is there any way we can know which applications are accessed by the user, instead of just logon/logoff activities from the winevent logs? Can someone help me with the search?

 

Thanks

1 Solution

richgalloway
SplunkTrust

Splunk can only tell you what it is told by Windows.  Are you running sysmon on the Windows devices?  If so, then you can get detailed user activity; otherwise, you're limited to what's in the event logs (that have been indexed).

---
If this reply helps you, Karma would be appreciated.
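
A search of the kind the question asks for, as an added example that is not part of the original thread or the poster's reply: it assumes Sysmon process-creation events (Event ID 1) are already indexed, and reports per user which executables were launched, how often, and when. The index name is a placeholder, and the source value and the `User`, `Image` and `EventCode` field names are assumptions based on the Splunk Add-on for Sysmon.

```spl
index=<your_windows_index> source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1 ```assumed: placeholder index; source and field names as extracted by the Splunk Add-on for Sysmon```
| eval app=lower(mvindex(split(Image, "\\"), -1)) ```executable name without its directory path```
| stats count AS launches, earliest(_time) AS first_seen, latest(_time) AS last_seen, dc(host) AS hosts BY User, app ```one row per user and application```
| convert ctime(first_seen) ctime(last_seen)
| sort 0 User, -launches
```

Without Sysmon, the closest event-log source is Security Event ID 4688, which Windows writes only when the Audit Process Creation policy is enabled; its field names differ from the Sysmon ones used here.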
