1

I am a Newbie to Splunk and working on monitoring the BitLocker process. I wondered if I could leverage any Windows Security logs to check whether the BitLocker was enabled by someone to encrypt files or disks. Also, I wanted to monitor if anyone deleted the BitLocker Recovery key on ActiveDirectory.

Ramhound
  • 41,734
  • 35
  • 103
  • 130
Marklov
  • 11
  • 1

1 Answers1

0

Start with the MSDN article on BitLocker

Then go to

What do you want to collect? Why? How do you intend to use them?

warren
  • 9,920
  • 23
  • 86
  • 147