We are trying to audit/monitor administrative activity to Splunk. Are there some canned dashboards or searches that can be used to monitor/review elevated privilege activity? How do we m...
...can add inline to tell Splunk I want the "original" event, and not results from my own search activity on the said event? I know I can use a NOT user=me, but that's super explicit and that c...
Hello,
I'm trying to figure out the best way to report/alert on Active Directory change events. I have admon/event forwarding set up on our DCs (admon on just one).
I need to be able to alert o...
Dear Splunk Community,
I have tried somehow to monitor user activities with Splunk. Through the documentation I found that I can analyze it through index=_audit, however, in these records there a...
I just turned on a Splunk forwarder with the Active Directory monitoring on my AD server.
Since the Windows logs WinEventLogs:Security are generating a large number of audit success events:
L...
I need help locating the LogBinder log paths that are actively used in some of our servers. I was told I can find the list using Splunk's TA but when I click on "LogBinder" under apps, it shows b...
I am very new to Splunk. If someone could help me with 2 issues I am having with deploying Splunk for Active Directory auditing.
Some background on the environment: Windows 2012 Standard, Activ...
...ffice-365-management-api/office-365-management-activity-api-reference
I want to collect similar data from a local Exchange server now but I don't know the logs.
The Splunk Add-on for M...