I am very new to using Splunk, but I am enjoying it a lot so far.
I am being tasked with writing a document on how to verify that all Domain Controllers' logs are going into Splunk for the SecOps team to action on a daily basis. Can someone please point me to a good document on this process? Thank you in advance!
Hi @GIA ,
I don't know at what step of the DC monitoring you are:
First, you should take logs from your DCs using a Splunk Universal Forwarder.
On this UF you have to deploy the Splunk Add-On for Microsoft Windows (https://splunkbase.splunk.com/app/742), enabling all the stanzas.
Then you have to configure your UFs to send logs to a Splunk instance.
On this instance, you have to install the same Splunk Add-On for Microsoft Windows and the Domain Controller Monitoring App for Splunk (https://splunkbase.splunk.com/app/6698).
This last app should give you some Use Cases for monitoring your DCs; if they aren't sufficient, you can develop your own Use Cases using SPL.
Ciao.
Giuseppe
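The question was about verifying that every DC is actually delivering logs, which none of the apps above does out of the box for a custom list of hosts. The search below is an added example, not code from the original post or from either Splunkbase app. It assumes the Windows add-on is writing Security events to an index named `wineventlog` with the XML sourcetype `XmlWinEventLog:Security` (change both if your inputs.conf differs), and that a lookup file `expected_dcs.csv` exists with a single `host` column listing every domain controller (a hypothetical name; you can populate it from `Get-ADDomainController -Filter *` on a domain-joined box). It reports every expected DC as `OK`, `STALE` (no Security event in the last hour) or `MISSING` (nothing in the last 24 hours), which is the daily check the SecOps team can action:

```spl
| tstats max(_time) AS last_seen
    WHERE index=wineventlog sourcetype="XmlWinEventLog:Security" earliest=-24h
    BY host
| inputlookup append=true expected_dcs.csv
| eval host=lower(replace(host, "\..*$", ""))
| stats max(last_seen) AS last_seen BY host
| eval age_min=round((now()-last_seen)/60)
| eval status=case(isnull(last_seen), "MISSING",
                   age_min>60,        "STALE",
                   true(),            "OK")
| eval last_seen=if(isnull(last_seen), "none in 24h", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| table host status last_seen age_min
| sort status
```

A few design notes. `tstats` reads only index-time metadata, so the check stays cheap even on a busy Security index. `inputlookup append=true` adds one row per expected DC with no `last_seen`, and the following `stats max(...) BY host` merges those rows with what was actually indexed; any DC that never reported keeps a null `last_seen` and lands in `MISSING`. The `eval host=lower(...)` line strips the DNS suffix and lower-cases both sides, because the forwarder often reports the short NetBIOS name while the lookup is written with FQDNs; without that normalisation a healthy DC shows up twice (once `OK`, once `MISSING`). To turn this into an alert rather than a daily report, append `| where status!="OK"` and schedule it; a DC appearing in the results that is not in the lookup (for example a newly promoted one) is itself a finding, since it means the lookup needs updating.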
Thanks a lot!
Hi @GIA ,
good for you, see next time!
let me know if I can help you more, or, please, accept one answer for the other people of Community.
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉