Splunk Search

Can someone share documentation on the best process to verify domain controller logs in Splunk?

GIA
Path Finder

I am very new using Splunk but I am enjoying it a lot so far.

I am being tasked with writing a document on how to verify that all Domain Controller's logs are going into Splunk for the SecOps team to action on a daily basis. Can someone please point to a good document on this process? Thank you in advance! 

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

I don't know at what step of the DC monitoring you are:

at first, you should take logs from your DCs using a Splunk Universal Forwarder.

On this UF you have to deploy the Splunk Add-On for Microsoft Windows (https://splunkbase.splunk.com/app/742), enabling all the stanzas.

Then you have to configure your UFs to send logs to a Splunk instance.

On this instance, you have to install the same Splunk Add-On for Microsoft Windows  and the Domain Controller Monitoring App for Splunk (https://splunkbase.splunk.com/app/6698).

This last app should give you some Use Cases for monitoring your DCs, if they aren't sufficient, you can develop your Use Cases using the SPL.

Ciao.

Giuseppe  

View solution in original post

GIA
Path Finder

Thanks a lot!

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello
SplunkTrust
SplunkTrust

Hi @GIA ,

I don't know at what step of the DC monitoring you are:

at first, you should take logs from your DCs using a Splunk Universal Forwarder.

On this UF you have to deploy the Splunk Add-On for Microsoft Windows (https://splunkbase.splunk.com/app/742), enabling all the stanzas.

Then you have to configure your UFs to send logs to a Splunk instance.

On this instance, you have to install the same Splunk Add-On for Microsoft Windows  and the Domain Controller Monitoring App for Splunk (https://splunkbase.splunk.com/app/6698).

This last app should give you some Use Cases for monitoring your DCs, if they aren't sufficient, you can develop your Use Cases using the SPL.

Ciao.

Giuseppe  

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...