Team,
If we have Windows events and AD is synced with Splunk.
How can i search/investigate who modified a DL or who was added in a AD group and who added.
Is there any query or how can i investigate this matter.
Appreciate any help.
Ambris.
↧