If we have Windows events and Active Directory (AD) is synced with Splunk, how can I search/investigate who modified a DL, or who was added to an AD group and who added them?
Is there any query, or how can I investigate this matter?
Appreciate any help.