Hello,
I want to be able to audit all privileged users within our domain, i.e. elevated privileges, install apps, remove files, etc. I noticed there was something called the Splunk App for PCI Compliance - Splunk Enterprise that had an audit privilege user actions function, and wanted to know if that was applicable to domain admins. I've tried searching with `index=_audit user=admin action=edit_user`; however, it does not return enough information and only seems to return information about Splunk. Thanks.