Read: 5 mins. This article covers three ways to audit Azure Active Directory Role changes, such as the Global Administrators: Azure Portal, Microsoft 365 Compliance Center, and Splunk (SIEM).
Read: 24 mins. Splunk is a GREAT tool to aggregate and correlate information from a variety of sources, and its SPL queries can help surface what you may need. In this post, we extend our previous Active Directory Account Lockout Troubleshooting article with Splunk Dashboards. SimpleXML source code is provided to create visual representations of Windows Security event log data to aid with lockout investigations. The dashboards can also help identify data or behavior patterns and show how many accounts are failing authentication over a specific time period.
Read: 12 mins. How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.
Read: 18 mins. A Windows account keeps getting locked out and breaks a business-critical application that is responsible for a large volume of revenue. Angry customers have called into customer service to complain, and your manager has asked you for help. How do you find the source of the lockouts? Here is a comprehensive guide to aid you with resolving the issue. BONUS: Look up when an account was modified, disabled, enabled, unlocked, or had its password reset, and by whom.
Read: 4 mins. The Tough Mudder is one of my favorite, team-oriented races that consists of about 20 obstacles laid out over a distance of 10-12 miles. My second time participating was as fun as the first time!