List of Users in a Linux Environment

The following Splunk query will output a list of user accounts appearing in linux_secure audit logs:

sourcetype=linux_secure | rex "\suser[^'](?<User>\S+\w+)" | stats count by User
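
To see which events the rex above does and does not pick up, this added example (not part of the original post) runs the same pattern in Python over constructed sample lines. The sample events, host names and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Same pattern as the rex above. Python spells the named group (?P<User>...),
# Splunk's PCRE accepts (?<User>...). Matching is case-sensitive in both.
USER_RE = re.compile(r"\suser[^'](?P<User>\S+\w+)")

# Constructed sample events in the style of /var/log/secure (not real data).
SAMPLE_EVENTS = [
    "Mar  3 10:01:12 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2",
    "Mar  3 10:01:15 host1 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root",
    "Mar  3 10:02:40 host1 sshd[2140]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Mar  3 10:05:02 host1 sshd[2140]: pam_unix(sshd:session): session closed for user alice",
    "Mar  3 10:02:39 host1 sshd[2140]: Accepted password for bob from 198.51.100.7 port 51514 ssh2",
    "Mar  3 10:06:11 host1 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
]


def count_users(events):
    """Emulate `rex ... | stats count by User`: first match per event, then count."""
    counts = Counter()
    for event in events:
        match = USER_RE.search(event)
        if match:
            counts[match.group("User")] += 1
    return counts


def unmatched(events):
    """Events the pattern extracts nothing from, i.e. rows missing from the stats output."""
    return [event for event in events if not USER_RE.search(event)]


if __name__ == "__main__":
    for user, count in sorted(count_users(SAMPLE_EVENTS).items()):
        print(f"{user:<8}{count}")
    print("No User extracted:")
    for event in unmatched(SAMPLE_EVENTS):
        print("  " + event)
```

The accepted-login line for bob and the sudo line are not counted because neither contains a lowercase " user" token, so the query lists only accounts that appear in events logged in that form.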