Splunk Search

How to search and alert if anyone accesses a certain mailbox or SharePoint sites other than approved members?

syed_star357
New Member

Hi Team,

How can I write a search for the below use case? We have a Financial Audit Department. If anyone accesses the Financial Audit Department mailbox or SharePoint sites apart from the Financial Audit Department members, I want to search and alert on this.

Access to mailboxes by a sys admin or a delegate for the Financial Audit Department.

Access to FAD SharePoint sites by the Administrators.

Regards,
Syed

0 Karma

martin_mueller
SplunkTrust

You will need these things:

  • access logs for your mailboxes and SharePoint sites
  • a Splunk instance getting above logs
  • a way to tell "user is part of FAD or not", e.g. LDAP search, DB lookup, static list, etc., producing a user->department lookup

Once you have these, you can search something like this:

index=fad (sourcetype=sharepoint_access OR sourcetype=mailbox_access) NOT department=fad

Then alert whenever that search returns results.

0 Karma
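As an added example (not part of the original thread, and not Splunk's or the answerer's code), here is the same detection logic run in Python over a handful of constructed access events and a constructed user-to-department CSV lookup. It mirrors the SPL above: a `| lookup` step that attaches `department` to each event, then a filter with the semantics of `NOT department=fad`. The one caveat worth knowing is that `NOT department=fad` matches events where the field is missing as well as events where it is something else, so a user who is absent from the lookup (a new admin, a service account, an identity written differently in the SharePoint log) still raises an alert; `| where department!="fad"` would silently drop those events instead, because `where` treats a null comparison as false. The sourcetype, field and lookup names are assumptions taken from the answer, and the log lines are made up.

```python
import csv
import io

APPROVED_DEPARTMENT = "fad"

# Constructed sample access events, standing in for the sharepoint_access and
# mailbox_access sourcetypes from the answer above. The field names are assumptions.
SAMPLE_EVENTS = [
    {"_time": "2024-05-01T09:00:12Z", "sourcetype": "mailbox_access",
     "user": "alice", "resource": "fad-shared@corp.example", "action": "MailItemsAccessed"},
    {"_time": "2024-05-01T09:05:40Z", "sourcetype": "mailbox_access",
     "user": "svc_backup", "resource": "fad-shared@corp.example", "action": "MailItemsAccessed"},
    {"_time": "2024-05-01T09:07:03Z", "sourcetype": "sharepoint_access",
     "user": "Bob", "resource": "/sites/FAD/Shared Documents/Q1.xlsx", "action": "FileAccessed"},
    {"_time": "2024-05-01T09:09:55Z", "sourcetype": "sharepoint_access",
     "user": "carol", "resource": "/sites/FAD/Shared Documents/Q1.xlsx", "action": "FileAccessed"},
    {"_time": "2024-05-01T09:12:18Z", "sourcetype": "sharepoint_access",
     "user": "mallory", "resource": "/sites/FAD/Shared Documents/Q1.xlsx", "action": "FileDownloaded"},
]

# Constructed user -> department lookup, in the shape of a Splunk CSV lookup file
# (e.g. what an LDAP export or a static list would produce).
USER_DEPT_CSV = """user,department
alice,fad
bob,fad
carol,it
svc_backup,it
"""


def load_lookup(csv_text):
    """Parse a user,department CSV into a dict keyed by lower-cased user.

    Case is normalised because mailbox and SharePoint logs frequently write the
    same identity with different casing, and a lookup miss would otherwise look
    like an unknown user.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["user"].strip().lower(): row["department"].strip().lower() for row in reader}


def enrich(events, lookup):
    """Equivalent of `| lookup user_dept user OUTPUT department`: attach the
    department to each event, or None when the user is not in the lookup."""
    enriched = []
    for ev in events:
        ev = dict(ev)
        ev["department"] = lookup.get(ev["user"].strip().lower())
        enriched.append(ev)
    return enriched


def find_unapproved_access(events, lookup, approved=APPROVED_DEPARTMENT):
    """Return the events that should raise an alert.

    Mirrors `NOT department=fad` in the answer's search: that clause matches
    events whose department is something else AND events where the field is
    missing entirely, so users absent from the lookup are alerted on rather
    than silently dropped. `| where department!="fad"` would NOT behave this
    way, because a null comparison in `where` is never true.
    """
    alerts = []
    for ev in enrich(events, lookup):
        if ev["department"] is None:
            ev["reason"] = "user not in department lookup"
            alerts.append(ev)
        elif ev["department"] != approved:
            ev["reason"] = f"user belongs to department {ev['department']!r}"
            alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for a in find_unapproved_access(SAMPLE_EVENTS, load_lookup(USER_DEPT_CSV)):
        print(f"{a['_time']} {a['sourcetype']} user={a['user']} "
              f"resource={a['resource']} -> {a['reason']}")
```

Against the constructed data this flags `svc_backup` and `carol` (wrong department) and `mallory` (not in the lookup), and leaves `alice` and `Bob` alone. In Splunk the same shape is `index=fad (sourcetype=sharepoint_access OR sourcetype=mailbox_access) | lookup user_dept user OUTPUT department | search NOT department=fad`, and the scheduled alert fires on any result; keep the lookup fed from the authoritative source (LDAP or HR) on a schedule so a transfer out of FAD does not stay approved.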