Solved: Need help with Windows user activity

Roy_9 · ‎02-15-2024

Hello,

Is there any way where we can know what are all applications are accessed by the user instead of just logon/log off activities from the winevent logs? Can someone help me with the search?

Thanks

richgalloway · ‎02-15-2024

Splunk can only tell you what it is told by Windows. Are you running sysmon on the Windows devices? If so, then you can get detailed user activity; otherwise, you're limited to what's in the event logs (that have been indexed).

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-15-2024

Splunk can only tell you what it is told by Windows. Are you running sysmon on the Windows devices? If so, then you can get detailed user activity; otherwise, you're limited to what's in the event logs (that have been indexed).

---
If this reply helps you, Karma would be appreciated.

Need help with Windows user activity

administration

installation

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation