High Level Windows Dashboard

Part 1 – User Logon Activity

The following Splunk dashboard provides a high-level view of Windows user logon activity. It should be emphasized that the focus of this dashboard is fairly high level; it has a time picker (defaulting to 7 days) and shows both successful and failed user logons (table and timechart) as well […]

Search Common EventCodes (EventID’s) for Suspicious Behavior

This query searches many common EventCodes (EventIDs) within a Windows environment for suspicious behavior. The query can take some time to run due to its length. Excellent for high-level security insight.
