FREE Trial

Load and open the NEW Windows logs in your Splunk search, specifically the logs named: winevent_logs_2.csv. Note:

Fantastic news! We've Found the answer you've been seeking!

Question:

Load and open the NEW Windows logs in your Splunk search, specifically the logs named: winevent_logs_2.csv. Note: There are several windows logs, make sure you are selecting the correct one for this activity: winevent_logs_2.csv Design SPL queries to look at the following activity types: An account was successfully logged on. A user account was changed. System security access was granted to an account. A user account was deleted. A user account was locked out. Out of these results, is there an an Account_Name that has a majority of the activity records? Which activity type is it? Hint: Account_Name is different from the User field. In this case, the User field can be ignored. Design an SPL query to present the results to your manager with the following information: The activity type found in Step 2. The primary Account_Name. Simplify the query results to only show the top 50 rows sorted by ComputerName

Expert Answer:


answer-question
Related Book For  answer-question
Intermediate Accounting

Intermediate Accounting

ISBN: 978-1260481952

10th edition

Authors: J. David Spiceland, James Sepe, Mark Nelson, Wayne Thomas

See More Books
Posted Date:
See More Questions

Students also viewed these algorithms questions

Financial Crime Compliance Identify And Mitigate Financial Crime Risks 1st Edition - ISBN: 979-8644281169 - Free Book