
README


App Name: winwatch

Version: 1.1
Author: Securonix Anjaneyulu Bollimuntha

Installation and Configuration document:
Support Contact: anjirhl@gmail.com

Description of the App:
The WinWatch App for Splunk provides an executive and operational view of key metrics and trends derived from the Windows Security event log.

Prerequisites:

• Splunk Enterprise, Splunk Light, or Splunk Cloud server.
• Log data with source type: WinEventLog:Security

Install the WinWatch App
The WinWatch app is provided as a “.tar.gz” file. Follow the standard app import process in Splunk through the “Manage Apps” menu to install the WinWatch App.

>> Click “Manage Apps” in the Apps drop-down and choose the “Install app from file” option.

<< Dashboard Details >>

User Logon Metrics / Trends

The initial three panels provide a day-over-day comparison of the items below (last 48 hours).

• Number of servers people accessed.
• Number of unique accounts used.
• Total logon count.
• Total logon trend.
• Interactive logon trend.
• Non-interactive logon trend (network, batch, etc.).

Management Activities

The first four panels in the dashboard provide the details below.
- Count of accounts created (day-over-day comparison)
- Count of accounts removed (day-over-day comparison)
- Count of accounts modified (day-over-day comparison)
- Trend over time (Account created / removed) for the selected timeframe.
- Activity trend of accounts being enabled and disabled.
- Activity trend of accounts being locked and unlocked.
- Activity trend of firewall rule changes.
- Activity trend of domain and audit policy changes.