I need a query to view disk encryption (DAR) of all my hosts, be it BitLocker, LUKS, etc.
index=* host=* | ???
Thank you in advance.
Do you have data in Splunk that denotes that the disk is encrypted? There are a few things to know here:
Specifically for BitLocker, those are included in Windows Events. This answer may be helpful in finding where they are: https://community.splunk.com/t5/Getting-Data-In/Retrieving-Windows-Event-logs-with-hyphens-in-the-na...