Splunk search for Splunk user modification attempts
index=_audit sourcetype=audittrail action=edit_user | eval Date=strftime(_time, "%b %d, %Y") | where user!=object | stats count by user, info, object, Date | rename user as User | rename info as "Status" | rename object as "Target Account" | sort - count
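This search produces a table with details on all attempts within Splunk to modify a user. Each row shows the account that made the attempt (User), the status of the attempt (Status), the account being modified (Target Account), the date, and how many times that combination occurred, sorted with the most frequent first. Because of the where user!=object clause, edits that users make to their own accounts are not included.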
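To check the logic without waiting for real audit events, the following added example (not part of the original search) runs the same pipeline over five constructed events generated with makeresults. The user names, the "constructed_sample" sourcetype and the granted/denied status values are assumptions chosen for illustration; the alice-to-alice self-edit is dropped by the where clause, and the two denied attempts against admin collapse into one row.

```spl
| makeresults count=5
| streamstats count as n
| eval sourcetype="constructed_sample", action="edit_user"
| eval user=case(n=1,"alice", n=2,"alice", n=3,"bob", n=4,"mallory", n=5,"mallory")
| eval object=case(n=1,"alice", n=2,"bob", n=3,"carol", n=4,"admin", n=5,"admin")
| eval info=case(n=1,"granted", n=2,"granted", n=3,"granted", n=4,"denied", n=5,"denied")
| eval Date=strftime(_time, "%b %d, %Y")
| where user!=object
| stats count by user, info, object, Date
| rename user as User, info as "Status", object as "Target Account"
| sort - count
```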