Hi everyone. Is there any way to resolve GPO GUID or SID within Windows Security Logs? For instance, when we change any GPO in the domain it is logged under EventCode 5136. There is a CN name i...
My company is transitioning from an on-premise MFA setup within ADFS to the Azure MFA setup. What's the best approach to getting those MFA events into Splunk? Does theSplunkAddon forMicrosoft...
...isabled."
Anyone have ever experienced this behavior onSplunk ITSI? Or have any knowledge of which is the source app/add-on that contains this eventtype that is being referenced by ITSI?
Thanks!
.... Once that was changed we could launch Splunk, andthen received the errors.
Originally we were using ADFS for SSO and it worked fine, but now when going to the site we get the error, "IDP f...
Hello,
I have some questions regarding Splunk I am new at this.
The first one is: is Theaddonfor Azure Cloud available onSPlunkOn Prem? if no How can we do it ?
The second question w...
All,
We have Windows and Linux BIND DNS servers logging into one index in Splunk. Because of the way Windows logs domain names in DNS requests we are doing a search time extraction. If I want to s...
...where SAML was configured forSplunk (Azure ActiveDirectory > App Registrations > All Applications > search for your app name here): Ask your Azure Admin to create a Client Secret under "C...
Splunk can only connect to one domain in an AD forest at this time. That's a known limitation.
However, is it possible to set whatever user name you want in the SSO header when you do the re-w...
...ommand.
index="Registry"
The steps i did was firstly, to add registry data into Splunk
Home->Add data->Windows Registry->Collect Windows Registry data on this Splunk Server
N...
...t and found that I needed theMicrosoftadd-onforActiveDirectory also configured. So after reading the documentation: https://docs.splunk.com/Documentation/SA-LdapSearch/3.0.1/User/Configure...