Educause Security Discussion mailing list archives
Re: AD Logs
From: Frank Barton <bartonf () HUSSON EDU>
Date: Mon, 27 Nov 2017 11:08:59 -0500
Kevin, James, Alan, (et. al.) These are computer objects, with Login_Type 3 (Network), successful logons. I honestly wouldn't have noticed if our splunk instance hadn't gone from using about 60% of our daily license to 160% overnight, and then stayed that high. On Mon, Nov 27, 2017 at 11:06 AM, Kevin Wilcox <wilcoxkm () appstate edu> wrote:
Hi Frank, stupid question but have you checked trends to see which accounts are responsible, whether it’s primarily computer objects, if they’re user-present versus network logins, etc.? kmw
-- Frank Barton Security+, ACMT IT Systems Administrator Husson University
Current thread:
- AD Logs Frank Barton (Nov 27)
- Re: AD Logs Kevin Wilcox (Nov 27)
- Re: AD Logs Frank Barton (Nov 27)
- Re: AD Logs Blackwood, James (Nov 27)
- Re: AD Logs Kevin Wilcox (Nov 27)