List of Legitimate Account Names in Windows

This Splunk query lists all successful logins by account name for a given time range. It works on a variety of Windows operating systems, including XP, 2003, Vista, 2008, 7, 8, and Server 2012. I’ve tested in some capacity in Windows 10 for some of my queries; so far they appear to work the same as previous versions.

This query relies on the Splunk App for Windows; grab it here: https://apps.splunk.com/app/742/
