Comments on: howto://configure splunk> to monitor active directory http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/ lest the tubes become overfull Tue, 15 May 2012 22:46:35 +0000 hourly 1 http://wordpress.org/?v= By: Ed Fisherhttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-3011 Ed Fisher Mon, 07 May 2012 19:49:58 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-3011 It had nothing to do with Splunk, who are a great group of people and a great company. It had nothing to do with Splunk, who are a great group of people and a great company.

]]> By: Trufflehttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-3008 Truffle Thu, 03 May 2012 21:56:44 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-3008 Why in the world did you have to take posts down? Why in the world did you have to take posts down?

]]> By: Ed Fisherhttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-3007 Ed Fisher Thu, 03 May 2012 20:49:53 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-3007 Sorry Tim, I don't do splunk anymore, and had to take down several of my better splunk posts. Check out Michael Wilde's stuff at splunkninja.com. He has some great stuff that should help you out. Sorry Tim, I don’t do splunk anymore, and had to take down several of my better splunk posts. Check out Michael Wilde’s stuff at splunkninja.com. He has some great stuff that should help you out.

]]> By: Trufflehttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-3004 Truffle Tue, 01 May 2012 19:07:34 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-3004 any update on this? I just got AD into splunk now I need to make it useful any update on this? I just got AD into splunk now I need to make it useful

]]> By: Ed Fisherhttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-1615 Ed Fisher Tue, 15 Mar 2011 23:29:58 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-1615 Hi Erik, Soon, where that just became a lot sooner than it was since now I know someone is interested. Thanks for commenting, and please stand by. If you are in an immediate jam, there are some good posts in the Splunk> forums that should help you get started. Ed Hi Erik,
Soon, where that just became a lot sooner than it was since now I know someone is interested.
Thanks for commenting, and please stand by. If you are in an immediate jam, there are some good posts in the Splunk> forums that should help you get started.
Ed

]]> By: Erik Curtishttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-1610 Erik Curtis Mon, 14 Mar 2011 23:10:58 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-1610 <blockquote>check back soon, as we’ll have a follow up post or two on querying/monitoring AD with splunk</blockquote> Any eta on the follow up post?

check back soon, as we’ll have a follow up post or two on querying/monitoring AD with splunk

Any eta on the follow up post?

]]> By: Ed Fisherhttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-654 Ed Fisher Tue, 29 Jun 2010 13:58:35 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-654 <em>Hi Luke, Sorry I didn't get to comments sooner (had a big server fall down go boom issue last night at work,) but I'm glad you found your answer already. Use that as a pattern...many other events that you might want to report on like GPO changes, account resets, etc. will be found in the same manner. I have an upcoming post about these as well. Thanks for dropping by! Ed</em> Hi Luke,
Sorry I didn’t get to comments sooner (had a big server fall down go boom issue last night at work,) but I’m glad you found your answer already. Use that as a pattern…many other events that you might want to report on like GPO changes, account resets, etc. will be found in the same manner. I have an upcoming post about these as well.
Thanks for dropping by!
Ed

]]> By: Lukehttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-653 Luke Tue, 29 Jun 2010 03:51:15 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-653 ignore my last comment, I figured it out: search sourcetype="WinEventLog:Security" "Message=Security Enabled Global Group Member"L. :) ignore my last comment, I figured it out:
search sourcetype=”WinEventLog:Security” “Message=Security Enabled Global Group Member”

L. :)

]]> By: Lukehttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-652 Luke Mon, 28 Jun 2010 22:45:15 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-652 nice howto :)have you discovered a way to run a splunk search for an AD update and determine who modified the object in AD? nice howto :)

have you discovered a way to run a splunk search for an AD update and determine who modified the object in AD?

]]> By: Splunkhttp://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/comment-page-1/#comment-650 Splunk Fri, 25 Jun 2010 16:55:08 +0000 http://retrohack.com/how-to-configure-splunk-to-monitor-active-directory/#comment-650 <span class="topsy_trackback_comment"><span class="topsy_twitter_username"><span class="topsy_trackback_content">RT @retrohack: New #retrohack post: howto://configure splunk> to monitor active directory http://bit.ly/a17ATd</span></span> RT @retrohack: New #retrohack post: howto://configure splunk> to monitor active directory http://bit.ly/a17ATd

]]>