1

I am a newbie to Splunk and am working on monitoring the BitLocker process. I wondered if I could leverage any Windows Security logs to check whether BitLocker was enabled by someone to encrypt files or disks. Also, I wanted to monitor if anyone deleted the BitLocker recovery key in Active Directory.

Ramhound
  • 44,080
Marklov
  • 11

1 Answer

0

Start with the MSDN article on BitLocker

Then go to

What do you want to collect? Why? How do you intend to use them?

warren
  • 10,322