How will I set up a data model that has Authentication and sub-sessions Default, insecure and Privileged Authentication data model. It uses action of a success and failure. I am using the f...
...audit" action="login attempt" curl I only get successful authentication not failed ones. I'm interested to get a list of all failed logins who used curl.
Event result : Audit:[timestamp=05-12-2...
...urposely in respect to the organization): How many of each user category authenticationattempt exist for all successful authentications? Would someone be able to assist me w...
Hi Team, Rule "Insecure Or Cleartext Authentication Detected" detects when Logon type "8" is detected in Windows logs. As per Splunk: Detects authentication requests that transmit t...
I'm trying to make a Swimlane search to use the Authentication Datamodel, and the Privileged Authentication Dataset, and only return users entered into the identity investigator.
This is what I h...
Hello. How would I write a search to show a computer that has been authenticating to multiple machines. For example, a hacker is logged into one computer (let's call it computer "A"), and from that s...
I have configured LDAP authentication with Active Directory on Splunk. We are still waiting on the group to role mapping, so currently we have mapped individual users to specific roles.
However, 1...
Hello all, I'm trying to create an alert for Successful Brute Force Attempts using the Authentication Data Model. Currently, I'm doing this: | tstats summariesonly=true count as s...