We are trying to audit/monitor administrative activity to Splunk. Are there any canned dashboards or searches that can be used to monitor/review elevated privilege activity? How do we m...
Hi,
In some cases it seems Splunk adds this kind of info to some winsec events:
Audit:[timestamp=04-03-2011 04:13:13.169, user=splunk-system-user, action=search, info=granted , search_id='s...
I need to create an audit for AD changes and have followed all steps in https://support.logbinder.com/SuperchargerKB/50135/8-Install-Supercharger-with-Splunk-Light-and-the-Splunk-App-for-L...
I'm trying to search for an event that tells me that a role was added or removed for some LDAP group or user. I'd like to know when capabilities have been changed due to addition or removal of a r...
Hi Team, I want to automate my AD auditing process with Splunk. Currently I have a PowerShell script and a free tool, PingCastle, which I use for the process. Is there any way I can i...
...luster members due to administration issues.
With this situation, can I just simply add those standalone indexers as search peers for my search head cluster from the GUI? Or is there another ad...
Hello!
I need to show audit access to a file in Windows, in the context of a certain group in the AD.
For example: there is a file called file_for_test.doc. To view the latest data on the audit...
Hi, can we integrate Windows AD with Splunk administration? Or can we integrate with TACACS and RADIUS for centralized user administration? Our Splunk Enterprise is installed on Linux p...
In Phantom, when adding an External Splunk under Administration Settings -> Search Settings, getting an error that test connection failed and when saving getting this error:
"Save changes f...
...owever, not able to get the audit logs (administrative changes) from AIX servers onto Splunk. Kindly advise what configurations need to be done at both the Splunk end as well as the AIX server end?