Hi all,
I work for my local county and we have several IT departments for different divisions.
I was wondering if Splunk can be configured to send account lockout notifications to specified email addresses based on the accounts that get locked out.
We just switched over from SolarWinds to Splunk. In SolarWinds we configured it to monitor certain AD accounts in a security group and only notify the IT department that manages those accounts.
Our IT person who has implemented Splunk says this is not possible and that it is all or nothing. Is this true? If not, is there documentation somewhere that would show how to configure this? I did a quick search and wasn't able to find anything that specifically answered my question. I'd like to provide our Splunk admin with something to go on to get this configured so we aren't all getting 40-50 account lockout notifications per day.
Thanks,
Brandon
Hi all,
I work for the county. And we just switched over to Splunk from SolarWinds. We have a couple of different IT departments depending on the division. Right now all account lockouts across the county are being sent to every IT team (the email we have configured sends to them all). SolarWinds was able to notify a different email address when certain accounts in an AD security group got locked out.
I was wondering if there was a way to send notifications to certain IT groups based on which AD accounts get locked out.
Our IT person handling Splunk is saying that this isn't possible and that it is all or nothing. I find this hard to believe. Are they correct?
Thanks,
Brandon