User logged on to multiple machines, alert

I want to configure a stream/alert that would notify me when a single user connects to multiple machines in a short amount of time. A Search, Graph would also be useful, but I’d prefer an alert, something like this: https://answers.splunk.com/answers/221765/users-logging-windows-on-two-machines-at-the-same.html

I’m already getting Event ID 4624, I just can’t create a proper search.

See if the Graylog Aggregates plugin fits the bill.

Please share your findings.

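The aggregation asked for in this thread (distinct machines per user inside a sliding time window, over Event ID 4624), written out as an added example; it is not from any poster and is not Graylog or plugin configuration. The tuple layout, the 5-minute window and the sample events are assumptions constructed for illustration; in a real deployment the user and host field names depend on the log shipper.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, EventID, user, computer)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 4624, "alice", "WS-01"),
    ("2024-05-01T09:00:00", 4624, "bob", "WS-03"),
    ("2024-05-01T09:01:00", 4624, "WS-01$", "DC-01"),   # machine account
    ("2024-05-01T09:01:30", 4625, "carol", "WS-06"),    # failed logon, not 4624
    ("2024-05-01T09:02:30", 4624, "alice", "WS-02"),
    ("2024-05-01T09:03:00", 4624, "alice", "WS-02"),    # same host set, no new alert
    ("2024-05-01T09:04:00", 4624, "alice", "WS-05"),
    ("2024-05-01T09:30:00", 4624, "bob", "WS-04"),      # outside bob's window
]


def multi_host_logons(events, window=timedelta(minutes=5), min_hosts=2):
    """Return (user, hosts, time) each time a user's successful logons
    cover a new set of >= min_hosts distinct machines within `window`."""
    recent = defaultdict(deque)   # user -> (time, host) pairs still in window
    last_seen = {}                # user -> host set at previous event
    alerts = []
    for ts, event_id, user, host in sorted(events):
        # Only successful logons; accounts ending in "$" are computer accounts.
        if event_id != 4624 or user.endswith("$"):
            continue
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, host))
        while now - q[0][0] > window:   # drop logons older than the window
            q.popleft()
        hosts = frozenset(h for _, h in q)
        # Alert only when the host set changed, to avoid repeats per event.
        if len(hosts) >= min_hosts and last_seen.get(user) != hosts:
            alerts.append((user, sorted(hosts), ts))
        last_seen[user] = hosts
    return alerts


if __name__ == "__main__":
    for user, hosts, ts in multi_host_logons(SAMPLE_EVENTS):
        print(f"{ts} {user} logged on to {len(hosts)} machines: {', '.join(hosts)}")
```

Service accounts and 4624 logon types that legitimately fan out across hosts will trigger this as written, so an allow-list or a logon-type filter is the usual tuning step.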