Unauthorized User ID Creation Monitoring in Windows/Unix systems

One of the largest Multinational banks with a global presence wants to monitor unauthorized User ID creations in case of fraudulent activities. Splunk's alert management capabilities provide the bank with an effective method of tracking and identifying these types of activities.


  • Manual log Aggregation/Analysis: Tedious process for log aggregation involving multiple teams
  • Lack of a single security platform that could quickly detect ID creation events, aggregate, correlate, analyze data from multiple systems and sources
  • Co-ordination issues – Fraud Investigation Workflow process spread across multiple systems/teams; Increased MTTR (Mean time to resolution)
  • Timely Analysis – correlating information across different log types was difficult and sometimes log data was overwritten, limiting investigations.


  • ID creation events correlated/mapped against matching sources to validate the authenticity of the request
  • Any mapping discrepancy triggers a near real-time alert to flag the security monitoring team for further investigation
  • Splunk-based near real-time ID Creation monitoring dashboards and alerts for Windows/Unix platforms


  • Improved security posture – reduced financial/data losses
  • A single unified platform for near real-time log search, analysis, and reporting
  • Reduced manual efforts/labor costs
  • Quicker Troubleshooting & Response: MTTR reduced from days to minutes; quickly identify & block unauthorized accounts

Monitored Systems/Data Sources: Windows/Unix system logs, User Management System logs (Matching Source), User Provisioning Tool logs (Matching Source)

Users: Information Security Team

Product: Splunk Enterprise

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at