Monitoring Windows File Share Permissions with Splunk and PowerShell
I stopped my last blog post on Windows File Shares noting that there was still more to do. Monitoring Windows File Shares is a three-part puzzle: Accesses, Share Changes, Permission Changes. We have...
Splunking Windows PowerShell Commands
This year's user conference was another great conference and we got a ton of questions from you during the conference. Some of them I couldn’t answer at the time – I’m making up for that in between blog...
Logging DMVs from Microsoft SQL Server with PowerShell
Some systems are easy to monitor and diagnose – just Splunk the log file or performance counter and you are pretty much done. Others take a little more work. Take, for example, Microsoft SQL Server....
Active Directory Replication and Windows Server 2012 R2
If you have upgraded your Active Directory domain to Windows Server 2012 R2 and use the Splunk App for Active Directory, you may have noticed that the replication statistics script doesn’t work the...
Install Splunk with PowerShell (2014 Edition)
One of our avid Twitter followers asked how to reliably install the Splunk Universal Forwarder on a Windows host with PowerShell last week. I’ve posted about all the intricacies involved before but...
Quick Tip: Upload Logs to Splunk from Windows PowerShell
I had a folder full of log files I wanted to index real quick in my local instance of Splunk. They won’t persist, so the right thing to do is to use the “oneshot” command (documented here). This can be...
Quick PowerShell Script to Start Splunk
Got another quick PowerShell post for you. I have a copy of Splunk running locally on my Windows 8.1 workstation. I don’t always leave it running, for obvious resource reasons, therefore I end up...
Monitoring Local Administrators on Windows Hosts
It is always gratifying when one of my readers comes to me with a problem. I love challenges. This one had to do with one of my old posts surrounding Local Administrators remotely. Of course, the way...
Using Splunk to Monitor Changes to PowerShell Scripts
I had a question this morning from a customer who was looking for ways to monitor changes made to PowerShell scripts in their environment. They wanted to know who made the changes, but also what...
101 things the mainstream media doesn’t want you to know about PowerShell...
At .conf2016 Steve Brant and I presented on how to detect PowerShell maliciousness using Splunk [2]. The only problem is, if you didn’t attend the conference and only read the PowerPoint slides you...