1 May 2020

Active Directory: Group and Membership Changes – Windows Event IDs, Auditing, Splunk (Bonus: Security Events for Investigation, Audit)

By |2023-03-08T11:21:04-08:00May 1, 2020 - Friday|Security, Technology|

Read: 13 mins. How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.

Go to Top