Can you query AD with Elastic to see Last Logon time?

Relatively new to Elastic and all that it can do. Our team is trying to query Active Directory with Elastic so that we can view users' last logon time. We're trying to satisfy DoD requirements relating to accounts needing to be disabled after a certain number of days and the disablement of temporary/emergency accounts. Is there an Elastic capability that can do this?

You need to be using Winlogbeat to pull this data from the event logs and then send them to Elasticsearch, so yes :)

(I replied with this in your Reddit thread)
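One way to do the reporting step once Winlogbeat is shipping Security logs to Elasticsearch, as an added example that is not part of the original thread: an aggregation that returns the newest successful logon (event 4624) per user, plus a check against a list of enabled accounts. The `winlogbeat-*` index pattern, the account list, the sample response and the 35-day limit are constructed assumptions; `event.code`, `winlog.channel` and `user.name` are the ECS fields Winlogbeat writes.

```python
from datetime import datetime, timedelta, timezone

# Body for POST winlogbeat-*/_search (index pattern assumed): newest 4624 per user.
LAST_LOGON_QUERY = {
    "size": 0,
    "query": {"bool": {"filter": [
        {"term": {"event.code": "4624"}},        # 4624 = successful logon
        {"term": {"winlog.channel": "Security"}},
    ]}},
    "aggs": {"by_user": {
        "terms": {"field": "user.name", "size": 10000},
        "aggs": {"last_logon": {"max": {"field": "@timestamp"}}},
    }},
}

def ms(y, m, d):
    """Epoch milliseconds (UTC), the form a max aggregation returns for dates."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp() * 1000)

# Constructed sample of the aggregation part of a search response.
SAMPLE_RESPONSE = {"aggregations": {"by_user": {"buckets": [
    {"key": "alice", "doc_count": 42, "last_logon": {"value": ms(2024, 6, 28)}},
    {"key": "TEMP-CONTRACTOR", "doc_count": 3, "last_logon": {"value": ms(2024, 4, 1)}},
]}}}

# Constructed list of enabled accounts, obtained separately (e.g. an AD export).
ENABLED_ACCOUNTS = ["alice", "temp-contractor", "emergency-admin"]

def last_logons(response):
    """Map lower-cased user name -> last logon as a UTC datetime."""
    buckets = response["aggregations"]["by_user"]["buckets"]
    return {b["key"].lower(): datetime.fromtimestamp(b["last_logon"]["value"] / 1000,
                                                     tz=timezone.utc) for b in buckets}

def stale_accounts(accounts, logons, now, max_idle_days):
    """Accounts idle past the limit. A value of None means no logon event was
    indexed at all: event logs only cover what was shipped and retained, so
    never-used temporary or emergency accounts appear here, not in the query."""
    cutoff = now - timedelta(days=max_idle_days)
    found = {a: logons.get(a.lower()) for a in accounts}
    return {a: seen for a, seen in found.items() if seen is None or seen < cutoff}

if __name__ == "__main__":
    now = datetime(2024, 6, 30, tzinfo=timezone.utc)
    report = stale_accounts(ENABLED_ACCOUNTS, last_logons(SAMPLE_RESPONSE), now, 35)
    for acct, seen in report.items():
        print(acct, seen.isoformat() if seen else "no logon event indexed")
```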
