Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About corecomputetool
corecomputetool
New Member
Member since:
06-10-2019
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-10-2019 |
Activity Feed
- Posted SPL to find first time account access on Splunk Search. 08-26-2019 01:46 AM
- Tagged SPL to find first time account access on Splunk Search. 08-26-2019 01:46 AM
- Posted How to add new AD-groups to monitor in splunk? on Monitoring Splunk. 08-06-2019 11:29 PM
- Tagged How to add new AD-groups to monitor in splunk? on Monitoring Splunk. 08-06-2019 11:29 PM
- Posted Need to know Configuration of security group on Getting Data In. 06-30-2019 08:30 PM
- Tagged Need to know Configuration of security group on Getting Data In. 06-30-2019 08:30 PM
- Posted how to configure the security ACL group to capture any members added/removed on to the ACL group on Splunk Search. 06-30-2019 07:23 PM
- Tagged how to configure the security ACL group to capture any members added/removed on to the ACL group on Splunk Search. 06-30-2019 07:23 PM
- Posted Re: How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 11:26 PM
- Posted Re: How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 11:20 PM
- Posted Re: How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 11:16 PM
- Posted Re: How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 10:46 PM
- Posted How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 10:29 PM
- Tagged How to get top 10 data source from Splunk ? on Splunk Search. 06-10-2019 10:29 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-26-2019
06:29 AM
Hi,
Can you provide a sample of your data and the expected result please?
Can you share the return of your SPL request too please?
Best regards,
Adrian
... View more
08-07-2019
12:00 AM
See if below links can help you. There are many related answers in the 1st link
https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/MonitorActiveDirectory
https://answers.splunk.com/answers/216884/monitoring-active-directory-groups-is-it-possible.html
... View more
07-01-2019
12:05 AM
Hi @corecomputetools,
If you're talking about AWS security groups then have a look here :
"You can layer Config, CloudTrail, and CloudWatch Events on top of Amazon VPC security groups to provide a defense-in-depth approach to security. Though VPC security groups provide critical filtering capabilities, Config rules, CloudTrail, and CloudWatch Events take the protection to a deeper level by monitoring security groups and notifying you of potentially unintended changes."
https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/
If you're talking about Splunk roles then you can use the following REST endpoint to craft a search that fetches specifically the roles and users you wish to monitor :
| rest services/authorization/roles
Let me know if that helps.
Cheers,
David
... View more
06-30-2019
07:23 PM
We have to configure the monitoring for added/removed users in certain servers in Splunk ,
... View more
- Tags:
- splunk-enterprise
06-10-2019
11:34 PM
Most welcome, use the tstats when trying to access metadata and display a count by index, host or even sourcetype. Let me know if you're getting faster results with this search 🙂
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
