I've been asked to come up with a way to audit concurrent Windows logins, and am trying to find anyone who has had success with this in Kibana. I can easily audit logons (4624) and logoffs (4647), but haven't yet figured out how to create an audit (using either a query, visualization, or detection rule) of concurrent logins - e.g., showing 'Average Concurrent Logons per User by Day' ...or something like that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.