Hello,
I’m fairly new to Graylog.
I have set up Active Directory logs in Graylog.
Now I want to create a widget on a dashboard wich shows a querry of EventID:4740 including their usernames. Is this possible?
Hello and welcome,
Yes this is possible as shown below.
Steps taken:
- Graylog Version 4.0.7
- Elasticsearch 7.10
- MongoDb 4.2
- Installation from YUM package handler on CentOS7
- INPUT GELF/TCP/TLS
- Ensure AD DC has this event ID enabled (i.e. is it visible in Event Viewer)
And the rest you can see in the screen shot.
Hope that helps