SPL
Monitor for Service Changes in Windows
Description
The following splunk search looks for changes in services within Windows.
15 3
sourcetype="WinEventLog:System" EventCode=7045 NOT (Service_Name=mgmt_service) | eval Message=split(Message,".") | eval Short_Message=mvindex(Message,0) | table _time host Service_Name, Service_Type, Service_Start_Type, Service_Account, Short_Message
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.