×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
EFonua
Observer
Member since: a month ago
a month ago
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-16-2025
View All

Unknown users reported in Authetication datamodel

by in Splunk Enterprise Security
a month ago
a month ago
We have an alert showing users that are authenticating after working hours for security reasons, I'm sure y'all familiar with, but at the same time, we know who leaves their workstations on during the night. However, we have recently received alerts with "unknown" users reported in the alert. But after checking the host's event viewer (Security Log) and comparing with the timestamps in the alert, the event logs shows the users. Any idea how we can edit our search string, or what may have caused the string to return the unknown value? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
a month ago