This app can be used to track user activity using best practices from the National Security Agency’s Spotting the Adversary with Windows Handbook. The dashboards and searches provide auditors with a full view of how a user is interacting with their local computer and other systems on the network.
###Spotting the Adversary with Windows Event Log Monitoring: https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf #Install App only needs to be installed on the search head. Documentation: http://docs.splunk.com/Documentation/AddOns/released/Overview/Singleserverinstall
- Splunk is a registered trademark of Splunk, Inc.