Re: AD Logs

[Frank Barton <bartonf () HUSSON EDU>]

Kevin, James, Alan, (et. al.)

These are computer objects, with Login_Type 3 (Network), successful logons.

I honestly wouldn't have noticed if our splunk instance hadn't gone from
using about 60% of our daily license to 160% overnight, and then stayed
that high.

On Mon, Nov 27, 2017 at 11:06 AM, Kevin Wilcox <wilcoxkm () appstate edu>
wrote:

> Hi Frank, stupid question but have you checked trends to see which
> accounts are responsible, whether it’s primarily computer objects, if
> they’re user-present versus network logins, etc.?
>
> kmw
>
> >


-- 
Frank Barton
Security+, ACMT
IT Systems Administrator
Husson University