The RSUSR003 event is used in SAP to check the passwords of standard users in all clients.
Potential Use Cases
This event could be used for the following scenarios:
Do determine if the standard users still have their default passwords.
If the standard users have well-known passwords.
To determine if of the standard users is locked.
The event will look like this in Splunk:
Navigate to this data by using the RSUSR003 t-code. THen enter the user selection parameters, and select the Execute button.
The data below will match the data that is sent to Splunk.