Splunk Search

Can someone share documentation on the best process to verify domain controller logs in Splunk?

GIA
Path Finder

I am very new using Splunk but I am enjoying it a lot so far.

I am being tasked with writing a document on how to verify that all Domain Controller's logs are going into Splunk for the SecOps team to action on a daily basis. Can someone please point to a good document on this process? Thank you in advance! 

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

I don't know at what step of the DC monitoring you are:

at first, you should take logs from your DCs using a Splunk Universal Forwarder.

On this UF you have to deploy the Splunk Add-On for Microsoft Windows (https://splunkbase.splunk.com/app/742), enabling all the stanzas.

Then you have to configure your UFs to send logs to a Splunk instance.

On this instance, you have to install the same Splunk Add-On for Microsoft Windows  and the Domain Controller Monitoring App for Splunk (https://splunkbase.splunk.com/app/6698).

This last app should give you some Use Cases for monitoring your DCs, if they aren't sufficient, you can develop your Use Cases using the SPL.

Ciao.

Giuseppe  

View solution in original post

GIA
Path Finder

Thanks a lot!

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

I don't know at what step of the DC monitoring you are:

at first, you should take logs from your DCs using a Splunk Universal Forwarder.

On this UF you have to deploy the Splunk Add-On for Microsoft Windows (https://splunkbase.splunk.com/app/742), enabling all the stanzas.

Then you have to configure your UFs to send logs to a Splunk instance.

On this instance, you have to install the same Splunk Add-On for Microsoft Windows  and the Domain Controller Monitoring App for Splunk (https://splunkbase.splunk.com/app/6698).

This last app should give you some Use Cases for monitoring your DCs, if they aren't sufficient, you can develop your Use Cases using the SPL.

Ciao.

Giuseppe  

Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...