We have 500 domain workstations, and we have installed Splunk Universal Forwarders (UF) on the Active Directory server. The question is, how can we monitor the security logs of those workstations f...
Hello, community, I wanted to ask a fundamental question regarding specific logs collection. The question is: Do we really pull logs from the AD by sticking an agent on that AD DC machine/s? I hav...
...:\documents\Confidential] disabled = false
The intent is for it to report access/modifications/deletions to files in that directory, but I am not getting any file monitoring activity r...
Hi all,
I need some assistance please,
I am trying to create a report which shows all Active Directory activities carried out. Should contain columns as follows: Login, Account, Domain, Group, i...
Hi All,
Has anyone successfully been able to pull the logs (Sign-in and Audit logs) of Active Directory via Azure Event Hub? If yes, which method did you follow?
Any other recommended method? Thanks in advance.
Hello,
I'm trying to capture Active Directory information from an AD server. I installed a universal forwarder on this server, and using deployment server I configured an input.conf as the m...
We want to monitor Active Directory changes and security events. We are planning to deploy the Universal Forwarder to each domain controller. I am confused by the documentation. What is needed/best p...
Hello All, We have a single-instance Splunk Enterprise (version 7.1) deployment on Linux which is doing everything. We would like to monitor our AD using SPLUNK. I am confused by reading http://d...