Scenario: Employees at your organization use a wide variety of peripheral devices with their Windows machines. These include internal devices, such as graphics cards, and external devices, such as monitors, printers, and USB drives. Some of these are unique to individual employees, and some belong to the organization and are used by many people. You want to track how these devices are used, both for security purposes and to maintain the uptime and proper functionality that keep the business running.
How Splunk software can help
You can use Splunk software to monitor the usage and functionality of any device on your Windows network, such as printers, USB drives, web cameras, keyboards, and more. You might be called upon to look at usage in support of capacity planning, compliance, or even an HR effort to track flight risks.
What you need
To succeed in implementing this use case, you need the following dependencies, resources, and information.
Managing peripherals in a Windows environment using Splunk software can take up to a couple of hours.
The following technologies, data, and integrations are useful in successfully implementing this use case:
- Splunk Enterprise or Splunk Cloud
- Data sources onboarded
  - Windows event logs
- Splunk Add-on for Microsoft Windows
How to use Splunk software for this use case
You can run many searches with Splunk software to manage peripherals in a Windows environment. Depending on what information you have available, you might find it useful to identify some or all of the following:
Other steps you can take
To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case:
- The purpose of these searches is a mix of security, compliance, and capacity planning. Sharing this data with other groups is often beneficial.
These additional Splunk resources might help you understand and implement this use case:
- Blog: Peeping through Windows (logs)
- Conf talk: Security visibility through Windows endpoint analytics
How to assess your results
Measuring impact and benefit is critical to assessing the value of IT operations. The following are example metrics that can be useful to monitor when implementing this use case:
- Jobs per print server
- Pages printed over time