Splunk Enterprise

Need help with Windows user activity

Roy_9
Motivator

Hello,

Is there any way we can know which applications are accessed by the user, instead of just logon/logoff activities, from the winevent logs? Can someone help me with the search?

 

Thanks

1 Solution

richgalloway
SplunkTrust

Splunk can only tell you what it is told by Windows.  Are you running sysmon on the Windows devices?  If so, then you can get detailed user activity; otherwise, you're limited to what's in the event logs (that have been indexed).

---
If this reply helps you, Karma would be appreciated.
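
As an added example that is not part of the original reply: a search over Sysmon process-creation events (Event ID 1) that lists which applications each user launched. It assumes the Sysmon Operational log is indexed in XML format with the Splunk Add-on for Sysmon extracting the User and Image fields; the index name windows and the field name application are placeholders chosen for this example.

```spl
index=windows source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1
| rex field=Image "(?<application>[^\\\\]+)$"
| eval application=lower(application)
| stats count AS launches
        earliest(_time) AS first_seen
        latest(_time) AS last_seen
        values(host) AS hosts
        BY User, application
| convert ctime(first_seen) ctime(last_seen)
| sort 0 User, -launches
```

Without Sysmon, the closest equivalent in the native event logs is Security event 4688 (process creation), which is only recorded when process-creation auditing is enabled on the endpoints and the Security log is being indexed.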
