Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Load and open the NEW Windows logs in your Splunk search, specifically the logs named: winevent_logs_2.csv. Note: There are several windows logs, make sure you
Load and open the NEW Windows logs in your Splunk search, specifically the logs named: winevent_logs_2.csv. Note: There are several windows logs, make sure you are selecting the correct one for this activity: winevent_logs_2.csv Design SPL queries to look at the following activity types: An account was successfully logged on. A user account was changed. System security access was granted to an account. A user account was deleted. A user account was locked out. Out of these results, is there an an Account_Name that has a majority of the activity records? Which activity type is it? Hint: Account_Name is different from the User field. In this case, the User field can be ignored. Design an SPL query to present the results to your manager with the following information: The activity type found in Step 2. The primary Account_Name. Simplify the query results to only show the top 50 rows sorted by ComputerName
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Intermediate Accounting
Authors: J. David Spiceland, James Sepe, Mark Nelson, Wayne Thomas
10th edition
1260481956, 1260310175, 978-1260481952
